diff --git a/api/v4/common_types.go b/api/v4/common_types.go index 5bba9c0cd..f4c932c9f 100644 --- a/api/v4/common_types.go +++ b/api/v4/common_types.go @@ -569,6 +569,11 @@ type PhaseInfo struct { FailCount uint32 `json:"failCount,omitempty"` } +type UpgradeStrategy struct { + WaitForHistSearchDomain bool `json:"waitForHistSearchDrain,omitempty"` + EnableSearchRestartOnRemoteFailure bool `json:"enableSearchRestartOnRemoteFailure,omitempty"` +} + const ( // AppPkgDownloadPending indicates pending AppPkgDownloadPending AppPhaseStatusType = 101 diff --git a/api/v4/searchheadcluster_types.go b/api/v4/searchheadcluster_types.go index e3a7585db..a7b620b22 100644 --- a/api/v4/searchheadcluster_types.go +++ b/api/v4/searchheadcluster_types.go @@ -50,6 +50,9 @@ type SearchHeadClusterSpec struct { // Splunk Deployer Node Affinity DeployerNodeAffinity *corev1.NodeAffinity `json:"deployerNodeAffinity,omitempty"` + + // upgrade strategy for the search head cluster + UpgradeStrategy UpgradeStrategy `json:"upgradeStrategy,omitempty"` } // SearchHeadClusterMemberStatus is used to track the status of each search head cluster member @@ -128,6 +131,8 @@ type SearchHeadClusterStatus struct { // Auxillary message describing CR status Message string `json:"message"` + + UpgradePhase string `json:"upgradePhase"` } // SearchHeadCluster is the Schema for a Splunk Enterprise search head cluster diff --git a/api/v4/zz_generated.deepcopy.go b/api/v4/zz_generated.deepcopy.go index 93e988463..dfa77fd81 100644 --- a/api/v4/zz_generated.deepcopy.go +++ b/api/v4/zz_generated.deepcopy.go @@ -878,6 +878,7 @@ func (in *SearchHeadClusterSpec) DeepCopyInto(out *SearchHeadClusterSpec) { *out = new(v1.NodeAffinity) (*in).DeepCopyInto(*out) } + out.UpgradeStrategy = in.UpgradeStrategy } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SearchHeadClusterSpec. @@ -1103,6 +1104,21 @@ func (in *StorageClassSpec) DeepCopy() *StorageClassSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpgradeStrategy) DeepCopyInto(out *UpgradeStrategy) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpgradeStrategy. +func (in *UpgradeStrategy) DeepCopy() *UpgradeStrategy { + if in == nil { + return nil + } + out := new(UpgradeStrategy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeAndTypeSpec) DeepCopyInto(out *VolumeAndTypeSpec) { *out = *in diff --git a/config/crd/bases/enterprise.splunk.com_clustermanagers.yaml b/config/crd/bases/enterprise.splunk.com_clustermanagers.yaml index b960a0d92..bd9610660 100644 --- a/config/crd/bases/enterprise.splunk.com_clustermanagers.yaml +++ b/config/crd/bases/enterprise.splunk.com_clustermanagers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: clustermanagers.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -1003,6 +1003,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1047,6 +1048,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1144,6 +1146,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1205,6 +1208,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1243,6 +1247,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1263,6 +1268,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1307,6 +1313,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1386,6 +1393,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1454,9 +1462,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1587,6 +1597,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1665,6 +1676,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1868,8 +1880,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1911,7 +1933,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1964,6 +1991,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1974,12 +2003,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2270,6 +2299,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2279,6 +2309,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2289,6 +2320,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2300,6 +2332,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2379,6 +2412,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2493,6 +2527,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2531,6 +2566,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2598,6 +2634,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2633,6 +2670,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2768,6 +2806,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2778,14 +2817,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2799,6 +2841,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2808,9 +2851,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2926,9 +2971,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -3047,6 +3094,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -3109,6 +3157,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3142,6 +3191,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3222,6 +3272,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3258,6 +3311,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3297,6 +3351,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3464,6 +3519,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3596,6 +3652,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3684,6 +3741,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3726,6 +3784,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3772,6 +3831,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3889,6 +3949,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_clustermasters.yaml b/config/crd/bases/enterprise.splunk.com_clustermasters.yaml index 6019145a1..7fbcfa049 100644 --- a/config/crd/bases/enterprise.splunk.com_clustermasters.yaml +++ b/config/crd/bases/enterprise.splunk.com_clustermasters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: clustermasters.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -999,6 +999,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1043,6 +1044,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1140,6 +1142,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1201,6 +1204,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1239,6 +1243,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1259,6 +1264,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1303,6 +1309,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1382,6 +1389,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1450,9 +1458,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1583,6 +1593,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1661,6 +1672,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1864,8 +1876,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1907,7 +1929,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1960,6 +1987,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1970,12 +1999,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2266,6 +2295,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2275,6 +2305,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2285,6 +2316,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2296,6 +2328,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2375,6 +2408,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2489,6 +2523,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2527,6 +2562,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2594,6 +2630,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2629,6 +2666,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2764,6 +2802,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2774,14 +2813,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2795,6 +2837,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2804,9 +2847,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2922,9 +2967,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -3043,6 +3090,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -3105,6 +3153,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3138,6 +3187,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3218,6 +3268,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3254,6 +3307,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3293,6 +3347,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3460,6 +3515,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3592,6 +3648,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3680,6 +3737,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3722,6 +3780,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3768,6 +3827,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3885,6 +3945,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_indexerclusters.yaml b/config/crd/bases/enterprise.splunk.com_indexerclusters.yaml index 571efa7a1..bded73ba8 100644 --- a/config/crd/bases/enterprise.splunk.com_indexerclusters.yaml +++ b/config/crd/bases/enterprise.splunk.com_indexerclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: indexerclusters.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -851,6 +851,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -895,6 +896,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -992,6 +994,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1053,6 +1056,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1091,6 +1095,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1111,6 +1116,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1155,6 +1161,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1234,6 +1241,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1307,9 +1315,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1440,6 +1450,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1518,6 +1529,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1721,8 +1733,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1764,7 +1786,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1817,6 +1844,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1827,12 +1856,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2006,6 +2035,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2015,6 +2045,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2025,6 +2056,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2036,6 +2068,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2115,6 +2148,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2229,6 +2263,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2267,6 +2302,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2334,6 +2370,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2369,6 +2406,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2504,6 +2542,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2514,14 +2553,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2535,6 +2577,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2544,9 +2587,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2662,9 +2707,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -2783,6 +2830,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2845,6 +2893,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2878,6 +2927,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2958,6 +3008,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -2994,6 +3047,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3033,6 +3087,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3200,6 +3255,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3332,6 +3388,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3420,6 +3477,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3462,6 +3520,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3508,6 +3567,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3625,6 +3685,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4626,6 +4687,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4670,6 +4732,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4767,6 +4830,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -4828,6 +4892,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -4866,6 +4931,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4886,6 +4952,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -4930,6 +4997,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5009,6 +5077,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5082,9 +5151,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5215,6 +5286,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -5293,6 +5365,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -5496,8 +5569,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -5539,7 +5622,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -5592,6 +5680,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -5602,12 +5692,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -5781,6 +5871,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -5790,6 +5881,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -5800,6 +5892,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5811,6 +5904,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -5890,6 +5984,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6004,6 +6099,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6042,6 +6138,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6109,6 +6206,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -6144,6 +6242,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6279,6 +6378,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6289,14 +6389,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6310,6 +6413,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6319,9 +6423,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -6437,9 +6543,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -6558,6 +6666,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -6620,6 +6729,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6653,6 +6763,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6733,6 +6844,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -6769,6 +6883,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -6808,6 +6923,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6975,6 +7091,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7107,6 +7224,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -7195,6 +7313,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7237,6 +7356,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7283,6 +7403,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7400,6 +7521,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_licensemanagers.yaml b/config/crd/bases/enterprise.splunk.com_licensemanagers.yaml index bde351721..c0d03d4a1 100644 --- a/config/crd/bases/enterprise.splunk.com_licensemanagers.yaml +++ b/config/crd/bases/enterprise.splunk.com_licensemanagers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: licensemanagers.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -993,6 +993,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1037,6 +1038,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1134,6 +1136,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1195,6 +1198,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1233,6 +1237,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1253,6 +1258,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1297,6 +1303,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1376,6 +1383,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1444,9 +1452,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1577,6 +1587,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1655,6 +1666,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1858,8 +1870,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1901,7 +1923,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1954,6 +1981,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1964,12 +1993,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2143,6 +2172,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2152,6 +2182,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2162,6 +2193,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2173,6 +2205,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2252,6 +2285,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2366,6 +2400,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2404,6 +2439,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2471,6 +2507,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2506,6 +2543,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2641,6 +2679,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2651,14 +2690,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2672,6 +2714,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2681,9 +2724,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2799,9 +2844,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -2920,6 +2967,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2982,6 +3030,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3015,6 +3064,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3095,6 +3145,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3131,6 +3184,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3170,6 +3224,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3337,6 +3392,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3469,6 +3525,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3557,6 +3614,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3599,6 +3657,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3645,6 +3704,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3762,6 +3822,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_licensemasters.yaml b/config/crd/bases/enterprise.splunk.com_licensemasters.yaml index 77c25c23c..1092c7b4e 100644 --- a/config/crd/bases/enterprise.splunk.com_licensemasters.yaml +++ b/config/crd/bases/enterprise.splunk.com_licensemasters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: licensemasters.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -988,6 +988,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1032,6 +1033,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1129,6 +1131,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1190,6 +1193,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1228,6 +1232,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1248,6 +1253,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1292,6 +1298,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1371,6 +1378,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1439,9 +1447,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1572,6 +1582,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1650,6 +1661,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1853,8 +1865,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1896,7 +1918,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1949,6 +1976,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1959,12 +1988,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2138,6 +2167,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2147,6 +2177,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2157,6 +2188,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2168,6 +2200,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2247,6 +2280,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2361,6 +2395,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2399,6 +2434,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2466,6 +2502,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2501,6 +2538,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2636,6 +2674,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2646,14 +2685,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2667,6 +2709,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2676,9 +2719,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2794,9 +2839,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -2915,6 +2962,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2977,6 +3025,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3010,6 +3059,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3090,6 +3140,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3126,6 +3179,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3165,6 +3219,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3332,6 +3387,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3464,6 +3520,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3552,6 +3609,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3594,6 +3652,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3640,6 +3699,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3757,6 +3817,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_monitoringconsoles.yaml b/config/crd/bases/enterprise.splunk.com_monitoringconsoles.yaml index 1637618bb..152373d38 100644 --- a/config/crd/bases/enterprise.splunk.com_monitoringconsoles.yaml +++ b/config/crd/bases/enterprise.splunk.com_monitoringconsoles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: monitoringconsoles.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -995,6 +995,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1039,6 +1040,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1136,6 +1138,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1197,6 +1200,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1235,6 +1239,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1255,6 +1260,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1299,6 +1305,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1378,6 +1385,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1446,9 +1454,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1579,6 +1589,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1657,6 +1668,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1860,8 +1872,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1903,7 +1925,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1956,6 +1983,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1966,12 +1995,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2145,6 +2174,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2154,6 +2184,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2164,6 +2195,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2175,6 +2207,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2254,6 +2287,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2368,6 +2402,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2406,6 +2441,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2473,6 +2509,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2508,6 +2545,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2643,6 +2681,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2653,14 +2692,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2674,6 +2716,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2683,9 +2726,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2801,9 +2846,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -2922,6 +2969,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2984,6 +3032,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3017,6 +3066,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3097,6 +3147,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3133,6 +3186,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3172,6 +3226,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3339,6 +3394,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3471,6 +3527,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3559,6 +3616,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3601,6 +3659,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3647,6 +3706,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3764,6 +3824,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5115,6 +5176,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5159,6 +5221,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5256,6 +5319,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -5317,6 +5381,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -5355,6 +5420,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5375,6 +5441,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5419,6 +5486,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5498,6 +5566,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5566,9 +5635,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5699,6 +5770,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -5777,6 +5849,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -5980,8 +6053,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -6023,7 +6106,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6076,6 +6164,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6086,12 +6176,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -6265,6 +6355,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6274,6 +6365,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -6284,6 +6376,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6295,6 +6388,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6374,6 +6468,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6488,6 +6583,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6526,6 +6622,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6593,6 +6690,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -6628,6 +6726,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6763,6 +6862,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -6773,14 +6873,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -6794,6 +6897,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -6803,9 +6907,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -6921,9 +7027,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -7042,6 +7150,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -7104,6 +7213,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7137,6 +7247,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7217,6 +7328,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -7253,6 +7367,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -7292,6 +7407,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7459,6 +7575,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7591,6 +7708,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -7679,6 +7797,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -7721,6 +7840,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7767,6 +7887,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7884,6 +8005,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/enterprise.splunk.com_searchheadclusters.yaml b/config/crd/bases/enterprise.splunk.com_searchheadclusters.yaml index 5b9157afb..49d5153ff 100644 --- a/config/crd/bases/enterprise.splunk.com_searchheadclusters.yaml +++ b/config/crd/bases/enterprise.splunk.com_searchheadclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: searchheadclusters.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -1001,6 +1001,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1045,6 +1046,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1142,6 +1144,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1203,6 +1206,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1241,6 +1245,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1261,6 +1266,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1305,6 +1311,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1384,6 +1391,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1457,9 +1465,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1590,6 +1600,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1668,6 +1679,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1871,8 +1883,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1914,7 +1936,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1967,6 +1994,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1977,12 +2006,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2156,6 +2185,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2165,6 +2195,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2175,6 +2206,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2186,6 +2218,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2265,6 +2298,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2379,6 +2413,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2417,6 +2452,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2484,6 +2520,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2519,6 +2556,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2654,6 +2692,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2664,14 +2703,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2685,6 +2727,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2694,9 +2737,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2812,9 +2857,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -2933,6 +2980,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -2995,6 +3043,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3028,6 +3077,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3108,6 +3158,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3144,6 +3197,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3183,6 +3237,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3350,6 +3405,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3482,6 +3538,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3570,6 +3627,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3612,6 +3670,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3658,6 +3717,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3775,6 +3835,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5208,6 +5269,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5252,6 +5314,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5491,9 +5554,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5590,6 +5655,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -5651,6 +5717,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -5689,6 +5756,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5709,6 +5777,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5753,6 +5822,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5832,6 +5902,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5905,9 +5976,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6038,6 +6111,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -6116,6 +6190,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -6319,8 +6394,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -6362,7 +6447,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6415,6 +6505,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6425,12 +6517,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -6604,6 +6696,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6613,6 +6706,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -6623,6 +6717,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6634,6 +6729,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6677,6 +6773,14 @@ spec: - whenUnsatisfiable type: object type: array + upgradeStrategy: + description: upgrade strategy for the search head cluster + properties: + enableSearchRestartOnRemoteFailure: + type: boolean + waitForHistSearchDrain: + type: boolean + type: object varVolumeStorageConfig: description: Storage configuration for /opt/splunk/var volume properties: @@ -6713,6 +6817,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6827,6 +6932,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6865,6 +6971,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6932,6 +7039,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -6967,6 +7075,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7102,6 +7211,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -7112,14 +7222,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -7133,6 +7246,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -7142,9 +7256,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -7260,9 +7376,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -7381,6 +7499,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -7443,6 +7562,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7476,6 +7596,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7556,6 +7677,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -7592,6 +7716,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -7631,6 +7756,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7798,6 +7924,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7930,6 +8057,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -8018,6 +8146,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -8060,6 +8189,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8106,6 +8236,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8223,6 +8354,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8660,6 +8792,8 @@ spec: telAppInstalled: description: Telemetry App installation flag type: boolean + upgradePhase: + type: string type: object type: object served: true diff --git a/config/crd/bases/enterprise.splunk.com_standalones.yaml b/config/crd/bases/enterprise.splunk.com_standalones.yaml index 6bb772c6b..1db6a9416 100644 --- a/config/crd/bases/enterprise.splunk.com_standalones.yaml +++ b/config/crd/bases/enterprise.splunk.com_standalones.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: standalones.enterprise.splunk.com spec: group: enterprise.splunk.com @@ -996,6 +996,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1040,6 +1041,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1137,6 +1139,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -1198,6 +1201,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -1236,6 +1240,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1256,6 +1261,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1300,6 +1306,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1379,6 +1386,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1451,9 +1459,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1584,6 +1594,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -1662,6 +1673,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -1865,8 +1877,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -1908,7 +1930,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1961,6 +1988,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1971,12 +2000,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -2267,6 +2296,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -2276,6 +2306,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -2286,6 +2317,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2297,6 +2329,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -2376,6 +2409,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -2490,6 +2524,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2528,6 +2563,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2595,6 +2631,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -2630,6 +2667,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2765,6 +2803,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2775,14 +2814,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -2796,6 +2838,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2805,9 +2848,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -2923,9 +2968,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -3044,6 +3091,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -3106,6 +3154,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3139,6 +3188,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -3219,6 +3269,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -3255,6 +3308,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -3294,6 +3348,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3461,6 +3516,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -3593,6 +3649,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -3681,6 +3738,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -3723,6 +3781,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3769,6 +3828,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -3886,6 +3946,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5360,6 +5421,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5404,6 +5466,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5501,6 +5564,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key @@ -5562,6 +5626,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must @@ -5600,6 +5665,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5620,6 +5686,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5664,6 +5731,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5743,6 +5811,7 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -5815,9 +5884,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5948,6 +6019,7 @@ spec: clients must ensure that clusterIPs[0] and clusterIP have the same value. + This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. @@ -6026,6 +6098,7 @@ spec: NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. + This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are @@ -6229,8 +6302,18 @@ spec: conditions: description: Current service state items: - description: Condition contains details for one aspect of - the current state of this API Resource. + description: "Condition contains details for one aspect + of the current state of this API Resource.\n---\nThis + struct is intended for direct use as an array at the field + path .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t + \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" properties: lastTransitionTime: description: |- @@ -6272,7 +6355,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6325,6 +6413,8 @@ spec: CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -6335,12 +6425,12 @@ spec: format: int32 type: integer protocol: + default: TCP description: |- Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP" type: string required: - - error - port - protocol type: object @@ -6631,6 +6721,7 @@ spec: Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | @@ -6640,6 +6731,7 @@ spec: because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer @@ -6650,6 +6742,7 @@ spec: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6661,6 +6754,7 @@ spec: has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. + If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string @@ -6740,6 +6834,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -6854,6 +6949,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6892,6 +6988,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -6959,6 +7056,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap or its @@ -6994,6 +7092,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7129,6 +7228,7 @@ spec: The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. + Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -7139,14 +7239,17 @@ spec: information on the connection between this volume type and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. + A pod can use both types of ephemeral volumes and persistent volumes at the same time. properties: @@ -7160,6 +7263,7 @@ spec: entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -7169,9 +7273,11 @@ spec: this should not be necessary, but it may be useful when manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. + Required, must not be nil. properties: metadata: @@ -7287,9 +7393,11 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. + This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. + This field is immutable. items: description: ResourceClaim references one @@ -7408,6 +7516,7 @@ spec: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine type: string lun: description: 'lun is Optional: FC target lun number' @@ -7470,6 +7579,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7503,6 +7613,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine type: string partition: description: |- @@ -7583,6 +7694,9 @@ spec: used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. properties: path: description: |- @@ -7619,6 +7733,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine type: string initiatorName: description: |- @@ -7658,6 +7773,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7825,6 +7941,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional specify whether the ConfigMap @@ -7957,6 +8074,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: optional field specify whether the @@ -8045,6 +8163,7 @@ spec: Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine type: string image: description: |- @@ -8087,6 +8206,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8133,6 +8253,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8250,6 +8371,7 @@ spec: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic diff --git a/go.mod b/go.mod index 5f282e04e..7b10c25a6 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1 github.com/aws/aws-sdk-go v1.47.11 github.com/go-logr/logr v1.4.2 + github.com/go-resty/resty/v2 v2.16.5 github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/joho/godotenv v1.5.1 diff --git a/go.sum b/go.sum index 2bc159388..6ec1c11e6 100644 --- a/go.sum +++ b/go.sum @@ -131,6 +131,8 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-resty/resty/v2 v2.16.5 h1:hBKqmWrr7uRc3euHVqmh1HTHcKn99Smr7o5spptdhTM= +github.com/go-resty/resty/v2 v2.16.5/go.mod h1:hkJtXbA2iKHzJheXYvQ8snQES5ZLGKMwQ07xAwp/fiA= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= diff --git a/pkg/splunk/client/enterprise.go b/pkg/splunk/client/enterprise.go index a8e4c580d..02828af10 100644 --- a/pkg/splunk/client/enterprise.go +++ b/pkg/splunk/client/enterprise.go @@ -24,8 +24,8 @@ import ( "regexp" "strconv" "strings" - "time" + "github.com/go-resty/resty/v2" splcommon "github.com/splunk/splunk-operator/pkg/splunk/common" ) @@ -35,6 +35,35 @@ type SplunkHTTPClient interface { Do(*http.Request) (*http.Response, error) } +// RestyClientWrapper is a wrapper around resty.Client to implement SplunkHTTPClient interface +type RestyClientWrapper struct { + *resty.Client +} + +// Do sends an HTTP request and returns an HTTP response, implementing the SplunkHTTPClient interface +func (r *RestyClientWrapper) Do(req *http.Request) (*http.Response, error) { + restyReq := r.R() + restyReq.Method = req.Method + restyReq.URL = req.URL.String() + restyReq.Body = req.Body + restyReq.Header = req.Header + + resp, err := restyReq.Send() + if err != nil { + return nil, err + } + + httpResp := &http.Response{ + Status: resp.Status(), + StatusCode: resp.StatusCode(), + Body: io.NopCloser(strings.NewReader(resp.String())), + Header: resp.Header(), + ContentLength: resp.Size(), + } + + return httpResp, nil +} + // SplunkClient is a simple object used to send HTTP REST API requests type SplunkClient struct { // https endpoint for management interface (e.g. "https://server:8089") @@ -50,18 +79,35 @@ type SplunkClient struct { Client SplunkHTTPClient } +// UpgradeMetrics holds search metrics for a search head during upgrade. +type UpgradeMetrics struct { + ShortSearchSuccess int `json:"short_search_success"` + ShortSearchFailure int `json:"short_search_failure"` + TotalSearchSuccess int `json:"total_search_success"` + TotalSearchFailure int `json:"total_search_failure"` +} + // NewSplunkClient returns a new SplunkClient object initialized with a username and password. func NewSplunkClient(managementURI, username, password string) *SplunkClient { + client := &RestyClientWrapper{ + Client: resty.New(). + SetBaseURL(managementURI). + SetBasicAuth(username, password). + SetRetryCount(3). + SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}), + } + return &SplunkClient{ ManagementURI: managementURI, Username: username, Password: password, - Client: &http.Client{ - Timeout: 5 * time.Second, - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // don't verify ssl certs - }, - }, + Client: client, + //Client: &http.Client{ + // Timeout: 5 * time.Second, + // Transport: &http.Transport{ + // TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // don't verify ssl certs + // }, + //}, } } @@ -935,3 +981,75 @@ func (c *SplunkClient) RestartSplunk() error { expectedStatus := []int{200} return c.Do(request, expectedStatus, nil) } + +// GetUpgradeSearchMetrics uses Resty to query the search head for upgrade search metrics. +func (c *SplunkClient) GetUpgradeSearchMetrics() (*UpgradeMetrics, error) { + resp, err := c.Client.(*RestyClientWrapper).R(). + SetResult(&UpgradeMetrics{}). + Get("/services/search/metrics") + if err != nil { + return nil, err + } + if resp.IsError() { + return nil, fmt.Errorf("error fetching upgrade metrics: %s", resp.Status()) + } + metrics, ok := resp.Result().(*UpgradeMetrics) + if !ok { + return nil, fmt.Errorf("failed to parse upgrade metrics") + } + return metrics, nil +} + +// InitShcUpgrade calls the endpoint to display the upgrade banner. +func (c *SplunkClient) InitShcUpgrade() error { + resp, err := c.Client.(*RestyClientWrapper).R(). + Post("/services/shcluster/captain/control/control/upgrade-init") + if err != nil { + return err + } + if resp.IsError() { + return fmt.Errorf("error initiating SHC upgrade: %s", resp.Status()) + } + return nil +} + +// FinalizeShcUpgrade calls the endpoint to remove the upgrade banner. +func (c *SplunkClient) FinalizeShcUpgrade() error { + resp, err := c.Client.(*RestyClientWrapper).R(). + Post("/services/shcluster/captain/control/control/upgrade-finalize") + if err != nil { + return err + } + if resp.IsError() { + return fmt.Errorf("error finalizing SHC upgrade: %s", resp.Status()) + } + return nil +} + +// SetManualDetentionMode puts the search head into manual detention mode. +func (c *SplunkClient) SetManualDetentionMode() error { + resp, err := c.Client.(*RestyClientWrapper).R(). + SetBody(map[string]bool{"mode": true}). + Post("/servicesNS/admin/search/shcluster/member/control/control/set_manual_detention") + if err != nil { + return err + } + if resp.IsError() { + return fmt.Errorf("error setting manual detention mode: %s", resp.Status()) + } + return nil +} + +// UnsetManualDetentionMode removes the search head from manual detention mode. +func (c *SplunkClient) UnsetManualDetentionMode() error { + resp, err := c.Client.(*RestyClientWrapper).R(). + SetBody(map[string]bool{"mode": false}). + Post("/servicesNS/admin/search/shcluster/member/control/control/set_manual_detention") + if err != nil { + return err + } + if resp.IsError() { + return fmt.Errorf("error unsetting manual detention mode: %s", resp.Status()) + } + return nil +} diff --git a/pkg/splunk/enterprise/metrics/metrics.go b/pkg/splunk/enterprise/metrics/metrics.go new file mode 100644 index 000000000..c5afc1955 --- /dev/null +++ b/pkg/splunk/enterprise/metrics/metrics.go @@ -0,0 +1,53 @@ +package metrics + +import ( + "github.com/prometheus/client_golang/prometheus" +) + +var ( + UpgradeStartTime = prometheus.NewGauge(prometheus.GaugeOpts{ + Name: "splunk_upgrade_start_time", + Help: "Unix timestamp when the SHC upgrade started", + }) + UpgradeEndTime = prometheus.NewGauge(prometheus.GaugeOpts{ + Name: "splunk_upgrade_end_time", + Help: "Unix timestamp when the SHC upgrade ended", + }) + ShortSearchSuccessCounter = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "splunk_short_search_success_total", + Help: "Total number of successful short searches per search head", + }, + []string{"sh_name"}, + ) + ShortSearchFailureCounter = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "splunk_short_search_failure_total", + Help: "Total number of failed short searches per search head", + }, + []string{"sh_name"}, + ) + TotalSearchSuccessCounter = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "splunk_total_search_success_total", + Help: "Total number of successful total searches per search head", + }, + []string{"sh_name"}, + ) + TotalSearchFailureCounter = prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "splunk_total_search_failure_total", + Help: "Total number of failed total searches per search head", + }, + []string{"sh_name"}, + ) +) + +func init() { + prometheus.MustRegister(UpgradeStartTime) + prometheus.MustRegister(UpgradeEndTime) + prometheus.MustRegister(ShortSearchSuccessCounter) + prometheus.MustRegister(ShortSearchFailureCounter) + prometheus.MustRegister(TotalSearchSuccessCounter) + prometheus.MustRegister(TotalSearchFailureCounter) +} diff --git a/pkg/splunk/enterprise/searchheadcluster.go b/pkg/splunk/enterprise/searchheadcluster.go index a19fe18b2..6cd7e2838 100644 --- a/pkg/splunk/enterprise/searchheadcluster.go +++ b/pkg/splunk/enterprise/searchheadcluster.go @@ -25,8 +25,6 @@ import ( enterpriseApi "github.com/splunk/splunk-operator/api/v4" - "github.com/go-logr/logr" - splclient "github.com/splunk/splunk-operator/pkg/splunk/client" splcommon "github.com/splunk/splunk-operator/pkg/splunk/common" splctrl "github.com/splunk/splunk-operator/pkg/splunk/controller" @@ -254,26 +252,6 @@ func ApplySearchHeadCluster(ctx context.Context, client splcommon.ControllerClie return result, nil } -// searchHeadClusterPodManager is used to manage the pods within a search head cluster -type searchHeadClusterPodManager struct { - c splcommon.ControllerClient - log logr.Logger - cr *enterpriseApi.SearchHeadCluster - secrets *corev1.Secret - newSplunkClient func(managementURI, username, password string) *splclient.SplunkClient -} - -// newSerachHeadClusterPodManager function to create pod manager this is added to write unit test case -var newSearchHeadClusterPodManager = func(client splcommon.ControllerClient, log logr.Logger, cr *enterpriseApi.SearchHeadCluster, secret *corev1.Secret, newSplunkClient NewSplunkClientFunc) searchHeadClusterPodManager { - return searchHeadClusterPodManager{ - log: log, - cr: cr, - secrets: secret, - newSplunkClient: newSplunkClient, - c: client, - } -} - // ApplyShcSecret checks if any of the search heads have a different shc_secret from namespace scoped secret and changes it func ApplyShcSecret(ctx context.Context, mgr *searchHeadClusterPodManager, replicas int32, podExecClient splutil.PodExecClientImpl) error { // Get namespace scoped secret @@ -436,207 +414,6 @@ func ApplyShcSecret(ctx context.Context, mgr *searchHeadClusterPodManager, repli return nil } -// Update for searchHeadClusterPodManager handles all updates for a statefulset of search heads -func (mgr *searchHeadClusterPodManager) Update(ctx context.Context, c splcommon.ControllerClient, statefulSet *appsv1.StatefulSet, desiredReplicas int32) (enterpriseApi.Phase, error) { - // Assign client - if mgr.c == nil { - mgr.c = c - } - - // update statefulset, if necessary - _, err := splctrl.ApplyStatefulSet(ctx, mgr.c, statefulSet) - if err != nil { - return enterpriseApi.PhaseError, err - } - - // for now pass the targetPodName as empty since we are going to fill it in ApplyShcSecret - podExecClient := splutil.GetPodExecClient(mgr.c, mgr.cr, "") - - // Check if a recycle of shc pods is necessary(due to shc_secret mismatch with namespace scoped secret) - err = ApplyShcSecret(ctx, mgr, desiredReplicas, podExecClient) - if err != nil { - return enterpriseApi.PhaseError, err - } - - // update CR status with SHC information - err = mgr.updateStatus(ctx, statefulSet) - if err != nil || mgr.cr.Status.ReadyReplicas == 0 || !mgr.cr.Status.Initialized || !mgr.cr.Status.CaptainReady { - mgr.log.Info("Search head cluster is not ready", "reason ", err) - return enterpriseApi.PhasePending, nil - } - - // manage scaling and updates - return splctrl.UpdateStatefulSetPods(ctx, mgr.c, statefulSet, mgr, desiredReplicas) -} - -// PrepareScaleDown for searchHeadClusterPodManager prepares search head pod to be removed via scale down event; it returns true when ready -func (mgr *searchHeadClusterPodManager) PrepareScaleDown(ctx context.Context, n int32) (bool, error) { - // start by quarantining the pod - result, err := mgr.PrepareRecycle(ctx, n) - if err != nil || !result { - return result, err - } - - // pod is quarantined; decommission it - memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) - mgr.log.Info("Removing member from search head cluster", "memberName", memberName) - c := mgr.getClient(ctx, n) - err = c.RemoveSearchHeadClusterMember() - if err != nil { - return false, err - } - - // all done -> ok to scale down the statefulset - return true, nil -} - -// PrepareRecycle for searchHeadClusterPodManager prepares search head pod to be recycled for updates; it returns true when ready -func (mgr *searchHeadClusterPodManager) PrepareRecycle(ctx context.Context, n int32) (bool, error) { - memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) - - switch mgr.cr.Status.Members[n].Status { - case "Up": - // Detain search head - mgr.log.Info("Detaining search head cluster member", "memberName", memberName) - c := mgr.getClient(ctx, n) - podExecClient := splutil.GetPodExecClient(mgr.c, mgr.cr, getApplicablePodNameForK8Probes(mgr.cr, n)) - err := setProbeLevelOnSplunkPod(ctx, podExecClient, livenessProbeLevelOne) - if err != nil { - // During the Recycle, our reconcile loop is entered multiple times. If the Pod is already down, - // there is a chance of readiness probe failing, in which case, even the podExec will not be successful. - // So, just log the message, and ignore the error. - mgr.log.Info("Setting Probe level failed. Probably, the Pod is already down", "memberName", memberName) - } - - return false, c.SetSearchHeadDetention(true) - - case "ManualDetention": - // Wait until active searches have drained - searchesComplete := mgr.cr.Status.Members[n].ActiveHistoricalSearchCount+mgr.cr.Status.Members[n].ActiveRealtimeSearchCount == 0 - if searchesComplete { - mgr.log.Info("Detention complete", "memberName", memberName) - } else { - mgr.log.Info("Waiting for active searches to complete", "memberName", memberName) - } - return searchesComplete, nil - - case "": // this can happen after the member has already been recycled and we're just waiting for state to update - mgr.log.Info("Member has empty Status", "memberName", memberName) - return false, nil - } - - // unhandled status - return false, fmt.Errorf("Status=%s", mgr.cr.Status.Members[n].Status) -} - -// FinishRecycle for searchHeadClusterPodManager completes recycle event for search head pod; it returns true when complete -func (mgr *searchHeadClusterPodManager) FinishRecycle(ctx context.Context, n int32) (bool, error) { - memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) - - switch mgr.cr.Status.Members[n].Status { - case "Up": - // not in detention - return true, nil - - case "ManualDetention": - // release from detention - mgr.log.Info("Releasing search head cluster member from detention", "memberName", memberName) - c := mgr.getClient(ctx, n) - return false, c.SetSearchHeadDetention(false) - } - - // unhandled status - return false, fmt.Errorf("Status=%s", mgr.cr.Status.Members[n].Status) -} - -// getClient for searchHeadClusterPodManager returns a SplunkClient for the member n -func (mgr *searchHeadClusterPodManager) getClient(ctx context.Context, n int32) *splclient.SplunkClient { - reqLogger := log.FromContext(ctx) - scopedLog := reqLogger.WithName("searchHeadClusterPodManager.getClient").WithValues("name", mgr.cr.GetName(), "namespace", mgr.cr.GetNamespace()) - - // Get Pod Name - memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) - - // Get Fully Qualified Domain Name - fqdnName := splcommon.GetServiceFQDN(mgr.cr.GetNamespace(), - fmt.Sprintf("%s.%s", memberName, GetSplunkServiceName(SplunkSearchHead, mgr.cr.GetName(), true))) - - // Retrieve admin password from Pod - adminPwd, err := splutil.GetSpecificSecretTokenFromPod(ctx, mgr.c, memberName, mgr.cr.GetNamespace(), "password") - if err != nil { - scopedLog.Error(err, "Couldn't retrieve the admin password from Pod") - } - - return mgr.newSplunkClient(fmt.Sprintf("https://%s:8089", fqdnName), "admin", adminPwd) -} - -// GetSearchHeadClusterMemberInfo used in mocking this function -var GetSearchHeadClusterMemberInfo = func(ctx context.Context, mgr *searchHeadClusterPodManager, n int32) (*splclient.SearchHeadClusterMemberInfo, error) { - c := mgr.getClient(ctx, n) - return c.GetSearchHeadClusterMemberInfo() -} - -// GetSearchHeadCaptainInfo used in mocking this function -var GetSearchHeadCaptainInfo = func(ctx context.Context, mgr *searchHeadClusterPodManager, n int32) (*splclient.SearchHeadCaptainInfo, error) { - c := mgr.getClient(ctx, n) - return c.GetSearchHeadCaptainInfo() -} - -// updateStatus for searchHeadClusterPodManager uses the REST API to update the status for a SearcHead custom resource -func (mgr *searchHeadClusterPodManager) updateStatus(ctx context.Context, statefulSet *appsv1.StatefulSet) error { - // populate members status using REST API to get search head cluster member info - mgr.cr.Status.Captain = "" - mgr.cr.Status.CaptainReady = false - mgr.cr.Status.ReadyReplicas = statefulSet.Status.ReadyReplicas - if mgr.cr.Status.ReadyReplicas == 0 { - return nil - } - gotCaptainInfo := false - for n := int32(0); n < statefulSet.Status.Replicas; n++ { - memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) - memberStatus := enterpriseApi.SearchHeadClusterMemberStatus{Name: memberName} - memberInfo, err := GetSearchHeadClusterMemberInfo(ctx, mgr, n) - if err == nil { - memberStatus.Status = memberInfo.Status - memberStatus.Adhoc = memberInfo.Adhoc - memberStatus.Registered = memberInfo.Registered - memberStatus.ActiveHistoricalSearchCount = memberInfo.ActiveHistoricalSearchCount - memberStatus.ActiveRealtimeSearchCount = memberInfo.ActiveRealtimeSearchCount - } else { - mgr.log.Error(err, "Unable to retrieve search head cluster member info", "memberName", memberName) - } - - if err == nil && !gotCaptainInfo { - // try querying captain api; note that this should work on any node - captainInfo, err := GetSearchHeadCaptainInfo(ctx, mgr, n) - if err == nil { - mgr.cr.Status.Captain = captainInfo.Label - mgr.cr.Status.CaptainReady = captainInfo.ServiceReady - mgr.cr.Status.Initialized = captainInfo.Initialized - mgr.cr.Status.MinPeersJoined = captainInfo.MinPeersJoined - mgr.cr.Status.MaintenanceMode = captainInfo.MaintenanceMode - gotCaptainInfo = true - } else { - mgr.cr.Status.CaptainReady = false - mgr.log.Error(err, "Unable to retrieve captain info", "memberName", memberName) - } - } - - if n < int32(len(mgr.cr.Status.Members)) { - mgr.cr.Status.Members[n] = memberStatus - } else { - mgr.cr.Status.Members = append(mgr.cr.Status.Members, memberStatus) - } - } - - // truncate any extra members that we didn't check (leftover from scale down) - if statefulSet.Status.Replicas < int32(len(mgr.cr.Status.Members)) { - mgr.cr.Status.Members = mgr.cr.Status.Members[:statefulSet.Status.Replicas] - } - - return nil -} - // getSearchHeadStatefulSet returns a Kubernetes StatefulSet object for Splunk Enterprise search heads. func getSearchHeadStatefulSet(ctx context.Context, client splcommon.ControllerClient, cr *enterpriseApi.SearchHeadCluster) (*appsv1.StatefulSet, error) { diff --git a/pkg/splunk/enterprise/searchheadclusterpodmanager.go b/pkg/splunk/enterprise/searchheadclusterpodmanager.go new file mode 100644 index 000000000..805e8aa5f --- /dev/null +++ b/pkg/splunk/enterprise/searchheadclusterpodmanager.go @@ -0,0 +1,366 @@ +package enterprise + +import ( + "context" + "fmt" + "time" + + "github.com/go-logr/logr" + "sigs.k8s.io/controller-runtime/pkg/log" + + enterpriseApi "github.com/splunk/splunk-operator/api/v4" + splclient "github.com/splunk/splunk-operator/pkg/splunk/client" + splcommon "github.com/splunk/splunk-operator/pkg/splunk/common" + splctrl "github.com/splunk/splunk-operator/pkg/splunk/controller" + metrics "github.com/splunk/splunk-operator/pkg/splunk/enterprise/metrics" + upgrade "github.com/splunk/splunk-operator/pkg/splunk/enterprise/upgrade" + splutil "github.com/splunk/splunk-operator/pkg/splunk/util" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" +) + +// searchHeadClusterPodManager is used to manage the pods within a search head cluster +type searchHeadClusterPodManager struct { + c splcommon.ControllerClient + log logr.Logger + cr *enterpriseApi.SearchHeadCluster + secrets *corev1.Secret + newSplunkClient func(managementURI, username, password string) *splclient.SplunkClient +} + +// newSerachHeadClusterPodManager function to create pod manager this is added to write unit test case +var newSearchHeadClusterPodManager = func(client splcommon.ControllerClient, log logr.Logger, cr *enterpriseApi.SearchHeadCluster, secret *corev1.Secret, newSplunkClient NewSplunkClientFunc) searchHeadClusterPodManager { + return searchHeadClusterPodManager{ + log: log, + cr: cr, + secrets: secret, + newSplunkClient: newSplunkClient, + c: client, + } +} + +// GatherUpgradeMetrics collects upgrade metrics from each search head and updates Prometheus counters. +func (mgr *searchHeadClusterPodManager) GatherUpgradeMetrics(ctx context.Context) error { + logger := log.FromContext(ctx) + for i := int32(0); i < mgr.cr.Spec.Replicas; i++ { + shName := fmt.Sprintf("sh-%d", i) + client := mgr.getClient(ctx, i) + upgradeMetrics, err := client.GetUpgradeSearchMetrics() + if err != nil { + logger.Error(err, "Error gathering upgrade metrics", "search head", shName) + continue + } + metrics.ShortSearchSuccessCounter.WithLabelValues(shName).Add(float64(upgradeMetrics.ShortSearchSuccess)) + metrics.ShortSearchFailureCounter.WithLabelValues(shName).Add(float64(upgradeMetrics.ShortSearchFailure)) + metrics.TotalSearchSuccessCounter.WithLabelValues(shName).Add(float64(upgradeMetrics.TotalSearchSuccess)) + metrics.TotalSearchFailureCounter.WithLabelValues(shName).Add(float64(upgradeMetrics.TotalSearchFailure)) + } + return nil +} + +// HandleUpgrade follows a state machine based on the CR status.UpgradePhase. +// The phases are (in order): +// +// NotStarted (or empty) → Initiated → DetentionSet → HistoricalSearchDrainComplete → Finalized → DetentionUnset → MetricsGathered +func (mgr *searchHeadClusterPodManager) HandleUpgrade(ctx context.Context) error { + logger := log.FromContext(ctx) + // Use the first search head's client for upgrade steps. + client := mgr.getClient(ctx, 0) + currentPhase := mgr.cr.Status.UpgradePhase + + // If UpgradePhase is empty or "NotStarted", start the upgrade. + if currentPhase == "" || currentPhase == "NotStarted" { + logger.Info("Upgrade phase is NotStarted, initiating upgrade") + if err := client.InitShcUpgrade(); err != nil { + return err + } + metrics.UpgradeStartTime.Set(float64(time.Now().Unix())) + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "Initiated"); err != nil { + return err + } + currentPhase = "Initiated" + } + + if currentPhase == "Initiated" { + logger.Info("Setting manual detention mode") + if err := client.SetManualDetentionMode(); err != nil { + return err + } + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "DetentionSet"); err != nil { + return err + } + currentPhase = "DetentionSet" + } + + if currentPhase == "DetentionSet" { + logger.Info("Waiting for historical searches to finish") + // Wait for historical searches to drain (using a 3-minute timeout in this example). + if err := upgrade.WaitForHistoricalSearches(ctx, client, 3*time.Minute); err != nil { + return err + } + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "HistoricalSearchDrainComplete"); err != nil { + return err + } + currentPhase = "HistoricalSearchDrainComplete" + } + + if currentPhase == "HistoricalSearchDrainComplete" { + logger.Info("Finalizing SHC upgrade") + if err := client.FinalizeShcUpgrade(); err != nil { + return err + } + metrics.UpgradeEndTime.Set(float64(time.Now().Unix())) + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "Finalized"); err != nil { + return err + } + currentPhase = "Finalized" + } + + if currentPhase == "Finalized" { + logger.Info("Unsetting manual detention mode after upgrade") + if err := client.UnsetManualDetentionMode(); err != nil { + return err + } + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "DetentionUnset"); err != nil { + return err + } + currentPhase = "DetentionUnset" + } + + if currentPhase == "DetentionUnset" { + logger.Info("Gathering upgrade metrics") + if err := mgr.GatherUpgradeMetrics(ctx); err != nil { + return err + } + if err := status.UpdateUpgradePhase(ctx, mgr.newSplunkClient, mgr.cr, "MetricsGathered"); err != nil { + return err + } + currentPhase = "MetricsGathered" + } + + // If the phase is "MetricsGathered", the upgrade is complete. + if currentPhase == "MetricsGathered" { + logger.Info("Upgrade process complete") + } + + return nil +} + +// Reconcile is the main reconciliation loop snippet. +// It calls HandleUpgrade if an upgrade scenario is active. +func (mgr *searchHeadClusterPodManager) Reconcile(ctx context.Context) error { + logger := log.FromContext(ctx) + // ... (other reconcile logic) + + // If an upgrade is in progress (determined by CR status.UpgradePhase not being "MetricsGathered"), + // then execute the upgrade state machine. + if mgr.cr.Status.UpgradePhase != "MetricsGathered" { + if err := mgr.HandleUpgrade(ctx); err != nil { + logger.Error(err, "Upgrade handling failed") + return err + } + } + // ... (continue with remaining reconciliation) + return nil +} + +// Update for searchHeadClusterPodManager handles all updates for a statefulset of search heads +func (mgr *searchHeadClusterPodManager) Update(ctx context.Context, c splcommon.ControllerClient, statefulSet *appsv1.StatefulSet, desiredReplicas int32) (enterpriseApi.Phase, error) { + // Assign client + if mgr.c == nil { + mgr.c = c + } + + // update statefulset, if necessary + _, err := splctrl.ApplyStatefulSet(ctx, mgr.c, statefulSet) + if err != nil { + return enterpriseApi.PhaseError, err + } + + // for now pass the targetPodName as empty since we are going to fill it in ApplyShcSecret + podExecClient := splutil.GetPodExecClient(mgr.c, mgr.cr, "") + + // Check if a recycle of shc pods is necessary(due to shc_secret mismatch with namespace scoped secret) + err = ApplyShcSecret(ctx, mgr, desiredReplicas, podExecClient) + if err != nil { + return enterpriseApi.PhaseError, err + } + + // update CR status with SHC information + err = mgr.updateStatus(ctx, statefulSet) + if err != nil || mgr.cr.Status.ReadyReplicas == 0 || !mgr.cr.Status.Initialized || !mgr.cr.Status.CaptainReady { + mgr.log.Info("Search head cluster is not ready", "reason ", err) + return enterpriseApi.PhasePending, nil + } + + // manage scaling and updates + return splctrl.UpdateStatefulSetPods(ctx, mgr.c, statefulSet, mgr, desiredReplicas) +} + +// PrepareScaleDown for searchHeadClusterPodManager prepares search head pod to be removed via scale down event; it returns true when ready +func (mgr *searchHeadClusterPodManager) PrepareScaleDown(ctx context.Context, n int32) (bool, error) { + // start by quarantining the pod + result, err := mgr.PrepareRecycle(ctx, n) + if err != nil || !result { + return result, err + } + + // pod is quarantined; decommission it + memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) + mgr.log.Info("Removing member from search head cluster", "memberName", memberName) + c := mgr.getClient(ctx, n) + err = c.RemoveSearchHeadClusterMember() + if err != nil { + return false, err + } + + // all done -> ok to scale down the statefulset + return true, nil +} + +// PrepareRecycle for searchHeadClusterPodManager prepares search head pod to be recycled for updates; it returns true when ready +func (mgr *searchHeadClusterPodManager) PrepareRecycle(ctx context.Context, n int32) (bool, error) { + memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) + + switch mgr.cr.Status.Members[n].Status { + case "Up": + // Detain search head + mgr.log.Info("Detaining search head cluster member", "memberName", memberName) + c := mgr.getClient(ctx, n) + podExecClient := splutil.GetPodExecClient(mgr.c, mgr.cr, getApplicablePodNameForK8Probes(mgr.cr, n)) + err := setProbeLevelOnSplunkPod(ctx, podExecClient, livenessProbeLevelOne) + if err != nil { + // During the Recycle, our reconcile loop is entered multiple times. If the Pod is already down, + // there is a chance of readiness probe failing, in which case, even the podExec will not be successful. + // So, just log the message, and ignore the error. + mgr.log.Info("Setting Probe level failed. Probably, the Pod is already down", "memberName", memberName) + } + + return false, c.SetSearchHeadDetention(true) + + case "ManualDetention": + // Wait until active searches have drained + searchesComplete := mgr.cr.Status.Members[n].ActiveHistoricalSearchCount+mgr.cr.Status.Members[n].ActiveRealtimeSearchCount == 0 + if searchesComplete { + mgr.log.Info("Detention complete", "memberName", memberName) + } else { + mgr.log.Info("Waiting for active searches to complete", "memberName", memberName) + } + return searchesComplete, nil + + case "": // this can happen after the member has already been recycled and we're just waiting for state to update + mgr.log.Info("Member has empty Status", "memberName", memberName) + return false, nil + } + + // unhandled status + return false, fmt.Errorf("Status=%s", mgr.cr.Status.Members[n].Status) +} + +// FinishRecycle for searchHeadClusterPodManager completes recycle event for search head pod; it returns true when complete +func (mgr *searchHeadClusterPodManager) FinishRecycle(ctx context.Context, n int32) (bool, error) { + memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) + + switch mgr.cr.Status.Members[n].Status { + case "Up": + // not in detention + return true, nil + + case "ManualDetention": + // release from detention + mgr.log.Info("Releasing search head cluster member from detention", "memberName", memberName) + c := mgr.getClient(ctx, n) + return false, c.SetSearchHeadDetention(false) + } + + // unhandled status + return false, fmt.Errorf("Status=%s", mgr.cr.Status.Members[n].Status) +} + +// getClient for searchHeadClusterPodManager returns a SplunkClient for the member n +func (mgr *searchHeadClusterPodManager) getClient(ctx context.Context, n int32) *splclient.SplunkClient { + reqLogger := log.FromContext(ctx) + scopedLog := reqLogger.WithName("searchHeadClusterPodManager.getClient").WithValues("name", mgr.cr.GetName(), "namespace", mgr.cr.GetNamespace()) + + // Get Pod Name + memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) + + // Get Fully Qualified Domain Name + fqdnName := splcommon.GetServiceFQDN(mgr.cr.GetNamespace(), + fmt.Sprintf("%s.%s", memberName, GetSplunkServiceName(SplunkSearchHead, mgr.cr.GetName(), true))) + + // Retrieve admin password from Pod + adminPwd, err := splutil.GetSpecificSecretTokenFromPod(ctx, mgr.c, memberName, mgr.cr.GetNamespace(), "password") + if err != nil { + scopedLog.Error(err, "Couldn't retrieve the admin password from Pod") + } + + return mgr.newSplunkClient(fmt.Sprintf("https://%s:8089", fqdnName), "admin", adminPwd) +} + +// GetSearchHeadClusterMemberInfo used in mocking this function +var GetSearchHeadClusterMemberInfo = func(ctx context.Context, mgr *searchHeadClusterPodManager, n int32) (*splclient.SearchHeadClusterMemberInfo, error) { + c := mgr.getClient(ctx, n) + return c.GetSearchHeadClusterMemberInfo() +} + +// GetSearchHeadCaptainInfo used in mocking this function +var GetSearchHeadCaptainInfo = func(ctx context.Context, mgr *searchHeadClusterPodManager, n int32) (*splclient.SearchHeadCaptainInfo, error) { + c := mgr.getClient(ctx, n) + return c.GetSearchHeadCaptainInfo() +} + +// updateStatus for searchHeadClusterPodManager uses the REST API to update the status for a SearcHead custom resource +func (mgr *searchHeadClusterPodManager) updateStatus(ctx context.Context, statefulSet *appsv1.StatefulSet) error { + // populate members status using REST API to get search head cluster member info + mgr.cr.Status.Captain = "" + mgr.cr.Status.CaptainReady = false + mgr.cr.Status.ReadyReplicas = statefulSet.Status.ReadyReplicas + if mgr.cr.Status.ReadyReplicas == 0 { + return nil + } + gotCaptainInfo := false + for n := int32(0); n < statefulSet.Status.Replicas; n++ { + memberName := GetSplunkStatefulsetPodName(SplunkSearchHead, mgr.cr.GetName(), n) + memberStatus := enterpriseApi.SearchHeadClusterMemberStatus{Name: memberName} + memberInfo, err := GetSearchHeadClusterMemberInfo(ctx, mgr, n) + if err == nil { + memberStatus.Status = memberInfo.Status + memberStatus.Adhoc = memberInfo.Adhoc + memberStatus.Registered = memberInfo.Registered + memberStatus.ActiveHistoricalSearchCount = memberInfo.ActiveHistoricalSearchCount + memberStatus.ActiveRealtimeSearchCount = memberInfo.ActiveRealtimeSearchCount + } else { + mgr.log.Error(err, "Unable to retrieve search head cluster member info", "memberName", memberName) + } + + if err == nil && !gotCaptainInfo { + // try querying captain api; note that this should work on any node + captainInfo, err := GetSearchHeadCaptainInfo(ctx, mgr, n) + if err == nil { + mgr.cr.Status.Captain = captainInfo.Label + mgr.cr.Status.CaptainReady = captainInfo.ServiceReady + mgr.cr.Status.Initialized = captainInfo.Initialized + mgr.cr.Status.MinPeersJoined = captainInfo.MinPeersJoined + mgr.cr.Status.MaintenanceMode = captainInfo.MaintenanceMode + gotCaptainInfo = true + } else { + mgr.cr.Status.CaptainReady = false + mgr.log.Error(err, "Unable to retrieve captain info", "memberName", memberName) + } + } + + if n < int32(len(mgr.cr.Status.Members)) { + mgr.cr.Status.Members[n] = memberStatus + } else { + mgr.cr.Status.Members = append(mgr.cr.Status.Members, memberStatus) + } + } + + // truncate any extra members that we didn't check (leftover from scale down) + if statefulSet.Status.Replicas < int32(len(mgr.cr.Status.Members)) { + mgr.cr.Status.Members = mgr.cr.Status.Members[:statefulSet.Status.Replicas] + } + + return nil +} diff --git a/pkg/splunk/enterprise/upgrade/upgrade.go b/pkg/splunk/enterprise/upgrade/upgrade.go new file mode 100644 index 000000000..85386a905 --- /dev/null +++ b/pkg/splunk/enterprise/upgrade/upgrade.go @@ -0,0 +1,94 @@ +package upgrade + +import ( + "context" + "fmt" + "time" + + splclient "github.com/splunk/splunk-operator/pkg/splunk/client" + metrics "github.com/splunk/splunk-operator/pkg/splunk/enterprise/metrics" + + "sigs.k8s.io/controller-runtime/pkg/log" +) + +// UpgradeOptions contains configuration for the upgrade process. +type UpgradeOptions struct { + WaitForHistoricalSearchDrain bool + UpgradeDrainTimeout time.Duration + // Additional flags (e.g., for search restart on remote failure) can be added here. +} + +// PerformUpgradeSteps orchestrates the upgrade process. Note that each step’s completion +// should be reflected in the custom resource status (using a function like UpdateUpgradePhase). +func PerformUpgradeSteps(ctx context.Context, client *splclient.SplunkClient, opts UpgradeOptions) error { + logger := log.FromContext(ctx) + + // Step 1: Initiate upgrade and record start time. + logger.Info("Initiating SHC upgrade") + if err := client.InitShcUpgrade(); err != nil { + return fmt.Errorf("failed to initiate upgrade: %w", err) + } + metrics.UpgradeStartTime.Set(float64(time.Now().Unix())) + // CR status should be updated to "Initiated" in the controller after this step. + + // Step 2: Set manual detention mode. + logger.Info("Setting manual detention mode") + if err := client.SetManualDetentionMode(); err != nil { + return fmt.Errorf("failed to set manual detention mode: %w", err) + } + // CR status should be updated to "DetentionSet" + + // Step 3: Wait for historical searches to finish. + if opts.WaitForHistoricalSearchDrain { + logger.Info("Waiting for historical searches to finish") + if err := WaitForHistoricalSearches(ctx, client, opts.UpgradeDrainTimeout); err != nil { + logger.Error(err, "Historical search drain timed out") + return err + } + // CR status should be updated to "HistoricalSearchDrainComplete" + } + + // (Optional: Enable search restart on remote failure if required.) + + // Step 4: Finalize upgrade and record end time. + logger.Info("Finalizing SHC upgrade") + if err := client.FinalizeShcUpgrade(); err != nil { + return fmt.Errorf("failed to finalize upgrade: %w", err) + } + metrics.UpgradeEndTime.Set(float64(time.Now().Unix())) + // CR status should be updated to "Finalized" + + // Step 5: Unset manual detention mode. + logger.Info("Unsetting manual detention mode") + if err := client.UnsetManualDetentionMode(); err != nil { + return fmt.Errorf("failed to unset manual detention mode: %w", err) + } + // CR status should be updated to "DetentionUnset" + + return nil +} + +// waitForHistoricalSearches polls until the active search count is zero or the timeout is reached. +// TODO FIXME Replace with real logic to query active search counts. +func WaitForHistoricalSearches(ctx context.Context, client *splclient.SplunkClient, timeout time.Duration) error { + logger := log.FromContext(ctx) + ticker := time.NewTicker(10 * time.Second) + defer ticker.Stop() + timeoutCh := time.After(timeout) + + for { + select { + case <-ctx.Done(): + return ctx.Err() + case <-timeoutCh: + return fmt.Errorf("timed out waiting for historical searches to finish") + case <-ticker.C: + // Stub: Replace with actual logic to fetch active search counts. + activeCount := 0 + logger.Info("Polling active search count", "activeCount", activeCount) + if activeCount == 0 { + return nil + } + } + } +}