@@ -49,7 +49,7 @@ To build and test all packages of the Apache KIE Tools project, you're going to
- pnpm `9.3.0` _(To install, follow these instructions: https://pnpm.io/installation#using-npm)_
- Maven `3.9.6`
- Java `17`
-- Go `1.21.13` _(To install, follow these instructions: https://go.dev/doc/install)_
+- Go `1.22.9` _(To install, follow these instructions: https://go.dev/doc/install)_
- Python `3.12` _(To install, follow these instructions: https://www.python.org/downloads/)_
- Helm `3.13.3` _(To install, follow these instructions: https://helm.sh/docs/intro/install/)_
- Make
diff --git a/devbox.json b/devbox.json
index c86545e5c32..2dfacfb7786 100644
--- a/devbox.json
+++ b/devbox.json
@@ -6,7 +6,7 @@
"maven": "3.9.6",
"kubernetes-helm": "3.13.3",
"gnumake": "4.4.1",
- "go": "1.21.13",
+ "go": "1.22.9",
"python": "3.12.2",
"libxml2": "2.13.3"
diff --git a/devbox.lock b/devbox.lock
index a0d26a58bd0..bb90eac589a 100644
--- a/devbox.lock
+++ b/devbox.lock
@@ -21,23 +21,51 @@
- "go@1.21.13": {
- "last_modified": "2024-09-10T15:01:03Z",
- "resolved": "github:NixOS/nixpkgs/5ed627539ac84809c78b2dd6d26a5cebeb5ae269#go_1_21",
+ "go@1.22.9": {
+ "last_modified": "2024-11-16T04:25:12Z",
+ "resolved": "github:NixOS/nixpkgs/34a626458d686f1b58139620a8b2793e9e123bba#go_1_22",
"source": "devbox-search",
- "version": "1.21.13",
+ "version": "1.22.9",
"systems": {
"aarch64-darwin": {
- "store_path": "/nix/store/59bymri4pr8mq5zh678smrf381i3fmy2-go-1.21.13"
+ "outputs": [
+ {
+ "name": "out",
+ "path": "/nix/store/4nf51i4ah186y2jy3fad2fyvpa49qx6q-go-1.22.9",
+ "default": true
+ }
+ ],
+ "store_path": "/nix/store/4nf51i4ah186y2jy3fad2fyvpa49qx6q-go-1.22.9"
"aarch64-linux": {
- "store_path": "/nix/store/7dqbqicx8szqnyzag6l41gwbjmh1xdk0-go-1.21.13"
+ "outputs": [
+ {
+ "name": "out",
+ "path": "/nix/store/8w8vzwgp55yl8j1ljgm4wzdgjkvkv5v3-go-1.22.9",
+ "default": true
+ }
+ ],
+ "store_path": "/nix/store/8w8vzwgp55yl8j1ljgm4wzdgjkvkv5v3-go-1.22.9"
"x86_64-darwin": {
- "store_path": "/nix/store/ws9bs446vgwmxchqnpjp9503x420iz75-go-1.21.13"
+ "outputs": [
+ {
+ "name": "out",
+ "path": "/nix/store/vlih7j78ki05i8nvzdsxvws7a7ksq04m-go-1.22.9",
+ "default": true
+ }
+ ],
+ "store_path": "/nix/store/vlih7j78ki05i8nvzdsxvws7a7ksq04m-go-1.22.9"
"x86_64-linux": {
- "store_path": "/nix/store/yij3vkkjv7ghn055v0rqhbjzyh0dy4nq-go-1.21.13"
+ "outputs": [
+ {
+ "name": "out",
+ "path": "/nix/store/frc5188kgv3ws0n999c7cy5vi2f8k4jp-go-1.22.9",
+ "default": true
+ }
+ ],
+ "store_path": "/nix/store/frc5188kgv3ws0n999c7cy5vi2f8k4jp-go-1.22.9"
diff --git a/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml b/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
index 3102095aa91..07fa2b09361 100644
--- a/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
+++ b/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
@@ -54,6 +54,9 @@
+ 1.4.21
@@ -88,6 +91,13 @@
+ com.thoughtworks.xstream
+ xstream
+ ${version.com.thoughtworks.xstream}
diff --git a/packages/kn-plugin-workflow/README.md b/packages/kn-plugin-workflow/README.md
index 45874ca3ac0..22b2a2c35de 100644
--- a/packages/kn-plugin-workflow/README.md
+++ b/packages/kn-plugin-workflow/README.md
@@ -29,7 +29,7 @@ All the commands in this section should be performed in the monorepo root.
- Node `>= 20.14.0` _(To install, follow these instructions: https://nodejs.org/en/download/package-manager/)_
- pnpm `9.3.0` _(To install, follow these instructions: https://pnpm.io/installation)_
-- Go `1.21.13` _(To install, follow these instructions: https://go.dev/doc/install)_
+- Go `1.22.9` _(To install, follow these instructions: https://go.dev/doc/install)_
#### Prerequisites for running end-to-end tests
diff --git a/packages/kn-plugin-workflow/go.mod b/packages/kn-plugin-workflow/go.mod
index eeb1dcaeb2e..2117ae85f19 100644
--- a/packages/kn-plugin-workflow/go.mod
+++ b/packages/kn-plugin-workflow/go.mod
@@ -1,8 +1,8 @@
module github.com/apache/incubator-kie-tools/packages/kn-plugin-workflow
-go 1.21
+go 1.22.0
-toolchain go1.21.6
+toolchain go1.23.2
replace github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api v0.0.0 => ./node_modules/@kie-tools/sonataflow-operator/api
@@ -19,54 +19,53 @@ require (
github.com/jstemmer/go-junit-report/v2 v2.0.0
github.com/ory/viper v1.7.5
github.com/spf13/afero v1.9.5
- github.com/spf13/cobra v1.7.0
+ github.com/spf13/cobra v1.8.1
github.com/stretchr/testify v1.9.0
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1
- k8s.io/apiextensions-apiserver v0.28.1
- k8s.io/apimachinery v0.28.1
- k8s.io/client-go v0.28.1
+ k8s.io/apiextensions-apiserver v0.31.0
+ k8s.io/apimachinery v0.31.1
+ k8s.io/client-go v0.31.1
require (
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dgraph-io/ristretto v0.1.1 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
- github.com/evanphx/json-patch v5.6.0+incompatible // indirect
- github.com/evanphx/json-patch/v5 v5.7.0 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/gabriel-vasile/mimetype v1.4.2 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
+ github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
- github.com/go-playground/validator/v10 v10.15.4 // indirect
+ github.com/go-playground/validator/v10 v10.22.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v1.1.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/uuid v1.3.1 // indirect
+ github.com/google/uuid v1.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/imdario/mergo v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/invopop/yaml v0.3.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/leodido/go-urn v1.2.4 // indirect
+ github.com/leodido/go-urn v1.4.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -81,48 +80,48 @@ require (
github.com/perimeterx/marshmallow v1.1.5 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.17.0 // indirect
- github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.11.1 // indirect
- github.com/relvacode/iso8601 v1.3.0 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/relvacode/iso8601 v1.4.0 // indirect
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
- github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
- github.com/serverlessworkflow/sdk-go/v2 v2.2.5 // indirect
+ github.com/serverlessworkflow/sdk-go/v2 v2.4.2 // indirect
+ github.com/sosodev/duration v1.3.1 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/objx v0.5.2 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
- golang.org/x/crypto v0.21.0 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
+ golang.org/x/crypto v0.28.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
- golang.org/x/mod v0.13.0 // indirect
- golang.org/x/net v0.23.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sync v0.4.0 // indirect
- golang.org/x/sys v0.18.0 // indirect
- golang.org/x/term v0.18.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.14.0 // indirect
+ golang.org/x/mod v0.17.0 // indirect
+ golang.org/x/net v0.28.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gotest.tools/v3 v3.3.0 // indirect
- k8s.io/api v0.28.1 // indirect
- k8s.io/component-base v0.28.1 // indirect
- k8s.io/klog/v2 v2.100.1 // indirect
- k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect
- k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+ k8s.io/api v0.31.1 // indirect
+ k8s.io/klog/v2 v2.130.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c // indirect
- sigs.k8s.io/controller-runtime v0.16.2 // indirect
+ sigs.k8s.io/controller-runtime v0.19.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
- sigs.k8s.io/yaml v1.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16
diff --git a/packages/kn-plugin-workflow/go.sum b/packages/kn-plugin-workflow/go.sum
index 81238cb336f..6e80b1fdc15 100644
--- a/packages/kn-plugin-workflow/go.sum
+++ b/packages/kn-plugin-workflow/go.sum
@@ -50,8 +50,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -59,7 +59,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -94,26 +94,27 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLbITSp4=
github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
-github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
@@ -128,11 +129,12 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.15.4 h1:zMXza4EpOdooxPel5xDqXEdXG5r+WggpvnAKMsalBjs=
-github.com/go-playground/validator/v10 v10.15.4/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -168,8 +170,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
@@ -205,12 +207,12 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
@@ -249,15 +251,13 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
-github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -284,15 +284,15 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
@@ -312,34 +312,34 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/relvacode/iso8601 v1.3.0 h1:HguUjsGpIMh/zsTczGN3DVJFxTU/GX+MMmzcKoMO7ko=
-github.com/relvacode/iso8601 v1.3.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/relvacode/iso8601 v1.4.0 h1:GsInVSEJfkYuirYFxa80nMLbH2aydgZpIf52gYZXUJs=
+github.com/relvacode/iso8601 v1.4.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 h1:Dz0HrI1AtNSGCE8LXLLqoZU4iuOJXPWndenCsZfstA8=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46/go.mod h1:is8FVkzSi7PYLWEXT5MgWhglFsyyiW8ffxAoJqfuFZo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/serverlessworkflow/sdk-go/v2 v2.2.5 h1:/TFqBBni0hDpTA0bKadGTWbyBRiQ0o2ppz2ScY6DdTM=
-github.com/serverlessworkflow/sdk-go/v2 v2.2.5/go.mod h1:uIy7EgNRGUzuTsihdto7fN+xsz/HDHq0MP1aPIG7wHU=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/serverlessworkflow/sdk-go/v2 v2.4.2 h1:dqRa/i5J885rk0bGIXzUVLwEFfRWB9gpQfOdXlbejsI=
+github.com/serverlessworkflow/sdk-go/v2 v2.4.2/go.mod h1:WGJR0YhXp035Y/toMKwHeIT5/EDEkDEDozn6VIGSUqI=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4=
+github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
@@ -347,8 +347,8 @@ github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -368,7 +368,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -378,19 +377,20 @@ github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0
github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk=
github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
@@ -402,10 +402,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -441,9 +440,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -480,9 +478,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -492,8 +489,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -504,9 +501,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -549,16 +545,13 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -567,14 +560,13 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -626,9 +618,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -661,8 +652,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -727,14 +716,16 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -763,32 +754,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
-k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
-k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
-k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
-k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY=
-k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
-k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
-k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
-k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
-k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f h1:eeEUOoGYWhOz7EyXqhlR2zHKNw2mNJ9vzJmub6YN6kk=
-k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
+k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
+k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c h1:xyPoEToTWeBdn6tinhLxXfnhJhTNQt5WzHiTNiFphRw=
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQVuIPU=
-sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
+sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/packages/kogito-base-builder-image/env/index.js b/packages/kogito-base-builder-image/env/index.js
index c9e804e2c1a..b81f7a5e9ac 100644
--- a/packages/kogito-base-builder-image/env/index.js
+++ b/packages/kogito-base-builder-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-base-builder-image/package.json b/packages/kogito-base-builder-image/package.json
index 806db506377..da44bf68816 100644
--- a/packages/kogito-base-builder-image/package.json
+++ b/packages/kogito-base-builder-image/package.json
@@ -25,7 +25,7 @@
"image:test:darwin:linux": "pnpm setup:env make -C ./build test-image",
"image:test:win32": "echo \"Tests skipped on Windows\"",
"install": "node install.js && pnpm format",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoBaseBuilderImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoBaseBuilderImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoBaseBuilderImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoBaseBuilderImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoBaseBuilderImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoBaseBuilderImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoBaseBuilderImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoBaseBuilderImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/python-venv": "workspace:*",
diff --git a/packages/kogito-data-index-ephemeral-image/env/index.js b/packages/kogito-data-index-ephemeral-image/env/index.js
index ea84bbde4e6..dac66a5d91b 100644
--- a/packages/kogito-data-index-ephemeral-image/env/index.js
+++ b/packages/kogito-data-index-ephemeral-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-data-index-ephemeral-image/package.json b/packages/kogito-data-index-ephemeral-image/package.json
index 6cc2887dec4..08f12e9cba1 100644
--- a/packages/kogito-data-index-ephemeral-image/package.json
+++ b/packages/kogito-data-index-ephemeral-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoDataIndexEphemeralImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoDataIndexEphemeralImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoDataIndexEphemeralImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoDataIndexEphemeralImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoDataIndexEphemeralImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoDataIndexEphemeralImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoDataIndexEphemeralImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoDataIndexEphemeralImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/kogito-data-index-postgresql-image/env/index.js b/packages/kogito-data-index-postgresql-image/env/index.js
index 2b6e41af30d..a886932bd53 100644
--- a/packages/kogito-data-index-postgresql-image/env/index.js
+++ b/packages/kogito-data-index-postgresql-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-data-index-postgresql-image/package.json b/packages/kogito-data-index-postgresql-image/package.json
index 92fbd5c800e..f1dfdc58d14 100644
--- a/packages/kogito-data-index-postgresql-image/package.json
+++ b/packages/kogito-data-index-postgresql-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoDataIndexPostgresqlImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoDataIndexPostgresqlImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoDataIndexPostgresqlImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoDataIndexPostgresqlImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoDataIndexPostgresqlImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoDataIndexPostgresqlImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoDataIndexPostgresqlImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoDataIndexPostgresqlImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/kogito-jit-runner-image/env/index.js b/packages/kogito-jit-runner-image/env/index.js
index a7772148f10..c5429d19a4d 100644
--- a/packages/kogito-jit-runner-image/env/index.js
+++ b/packages/kogito-jit-runner-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-jit-runner-image/package.json b/packages/kogito-jit-runner-image/package.json
index dc1def35950..ce4b3dbb953 100644
--- a/packages/kogito-jit-runner-image/package.json
+++ b/packages/kogito-jit-runner-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJitRunnerImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJitRunnerImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJitRunnerImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJitRunnerImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJitRunnerImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJitRunnerImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJitRunnerImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJitRunnerImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/kogito-jobs-service-allinone-image/env/index.js b/packages/kogito-jobs-service-allinone-image/env/index.js
index dd1f166123d..5cd647c4bc8 100644
--- a/packages/kogito-jobs-service-allinone-image/env/index.js
+++ b/packages/kogito-jobs-service-allinone-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-jobs-service-allinone-image/package.json b/packages/kogito-jobs-service-allinone-image/package.json
index 132b3b59afd..9dbfbdcfd20 100644
--- a/packages/kogito-jobs-service-allinone-image/package.json
+++ b/packages/kogito-jobs-service-allinone-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServiceAllInOneImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServiceAllInOneImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServiceAllInOneImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServiceAllInOneImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServiceAllInOneImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServiceAllInOneImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServiceAllInOneImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServiceAllInOneImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/kogito-jobs-service-ephemeral-image/env/index.js b/packages/kogito-jobs-service-ephemeral-image/env/index.js
index fdd58dfdd07..bd8561dea8f 100644
--- a/packages/kogito-jobs-service-ephemeral-image/env/index.js
+++ b/packages/kogito-jobs-service-ephemeral-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-jobs-service-ephemeral-image/package.json b/packages/kogito-jobs-service-ephemeral-image/package.json
index bf9c76b7c8a..e6296250270 100644
--- a/packages/kogito-jobs-service-ephemeral-image/package.json
+++ b/packages/kogito-jobs-service-ephemeral-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServiceEphemeralImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServiceEphemeralImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServiceEphemeralImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServiceEphemeralImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServiceEphemeralImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServiceEphemeralImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServiceEphemeralImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServiceEphemeralImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/kogito-jobs-service-postgresql-image/env/index.js b/packages/kogito-jobs-service-postgresql-image/env/index.js
index 538378a7353..f4f843b1e06 100644
--- a/packages/kogito-jobs-service-postgresql-image/env/index.js
+++ b/packages/kogito-jobs-service-postgresql-image/env/index.js
@@ -20,8 +20,9 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/kogito-jobs-service-postgresql-image/package.json b/packages/kogito-jobs-service-postgresql-image/package.json
index cb22dbfa6f1..1f55b59fd8f 100644
--- a/packages/kogito-jobs-service-postgresql-image/package.json
+++ b/packages/kogito-jobs-service-postgresql-image/package.json
@@ -30,7 +30,7 @@
"mvn-build-app": "run-script-os",
"mvn-build-app:linux:darwin": "mvn -am package -Dquarkus.package.type=fast-jar -Dquarkus.container-image.build=false -B -f ./resources/app/pom.xml",
"mvn-build-app:win32": "echo \"Build skipped on Windows\"",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServicePostgresqlImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServicePostgresqlImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServicePostgresqlImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServicePostgresqlImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env kogitoJobsServicePostgresqlImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env kogitoJobsServicePostgresqlImage.account) KOGITO_IMAGE_NAME=$(build-env kogitoJobsServicePostgresqlImage.name) KOGITO_IMAGE_TAG=$(build-env kogitoJobsServicePostgresqlImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)"
"devDependencies": {
"@kie-tools/maven-base": "workspace:*",
diff --git a/packages/sonataflow-builder-image/env/index.js b/packages/sonataflow-builder-image/env/index.js
index 4ff09d9fc35..3b70dfa6780 100644
--- a/packages/sonataflow-builder-image/env/index.js
+++ b/packages/sonataflow-builder-image/env/index.js
@@ -24,8 +24,9 @@ const {
} = require("@kie-tools/maven-m2-repo-via-http-image/env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/sonataflow-builder-image/package.json b/packages/sonataflow-builder-image/package.json
index a0378e31d7a..c2bb075a731 100644
--- a/packages/sonataflow-builder-image/package.json
+++ b/packages/sonataflow-builder-image/package.json
@@ -33,7 +33,7 @@
"install": "node install.js && pnpm format",
"m2-repo-via-http:container:kill": "(docker container kill m2-repo-via-http || true) && (docker container rm m2-repo-via-http || true)",
"m2-repo-via-http:container:run": "(pnpm m2-repo-via-http:container:kill || true) && docker run --name m2-repo-via-http -v \"$(mvn help:evaluate -Dexpression=settings.localRepository -q -DforceStdout):/var/www/html\" -dit $(build-env sonataflowBuilderImage.dev.mavenM2RepoViaHttpImage)",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowBuilderImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowBuilderImage.account) KOGITO_IMAGE_NAME=$(build-env sonataflowBuilderImage.name) KOGITO_IMAGE_TAG=$(build-env sonataflowBuilderImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)",
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowBuilderImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowBuilderImage.account) KOGITO_IMAGE_NAME=$(build-env sonataflowBuilderImage.name) KOGITO_IMAGE_TAG=$(build-env sonataflowBuilderImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito)",
"test": "run-script-os",
"test:cleanup": "mv dist-tests/report.xml dist-tests/junit-report.xml || true",
"test:linux:darwin": "run-script-if --bool \"$(build-env tests.run)\" --then \"pnpm test:setup\" \"pnpm test:run\" --finally \"pnpm test:cleanup\"",
diff --git a/packages/sonataflow-devmode-image/env/index.js b/packages/sonataflow-devmode-image/env/index.js
index 2d22f206f0d..1b2d617fda1 100644
--- a/packages/sonataflow-devmode-image/env/index.js
+++ b/packages/sonataflow-devmode-image/env/index.js
@@ -19,6 +19,7 @@
const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/build-env");
const sonataFlowQuarkusDevUiEnv = require("@kie-tools/sonataflow-quarkus-devui/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
const {
env: { mavenM2RepoViaHttpImage: mavenM2RepoViaHttpImageEnv },
@@ -26,7 +27,7 @@ const {
const rootEnv = require("@kie-tools/root-env/env");
-module.exports = composeEnv([rootEnv], {
+module.exports = composeEnv([rootEnv, sonataflowImageCommonEnv], {
vars: varsWithName({
default: "docker.io",
diff --git a/packages/sonataflow-devmode-image/package.json b/packages/sonataflow-devmode-image/package.json
index f34cd49c846..3c420448732 100644
--- a/packages/sonataflow-devmode-image/package.json
+++ b/packages/sonataflow-devmode-image/package.json
@@ -34,7 +34,7 @@
"m2-repo-via-http:container:kill": "(docker container kill m2-repo-via-http || true) && (docker container rm m2-repo-via-http || true)",
"m2-repo-via-http:container:prepare-m2-repo-volume": "node -e 'require(`@kie-tools/maven-base`).prepareHardLinkedM2ForPackage(`./dist/tmp-m2/repository`, `./node_modules/@kie-tools/sonataflow-quarkus-devui`)'",
"m2-repo-via-http:container:run": "(pnpm m2-repo-via-http:container:kill || true) && pnpm m2-repo-via-http:container:prepare-m2-repo-volume && docker run --name m2-repo-via-http -v \"./dist/tmp-m2/repository:/var/www/html\" -dit $(build-env sonataflowDevModeImage.dev.mavenM2RepoViaHttpImage)",
- "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowDevModeImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowDevModeImage.account) KOGITO_IMAGE_NAME=$(build-env sonataflowDevModeImage.name) KOGITO_IMAGE_TAG=$(build-env sonataflowDevModeImage.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito) SONATAFLOW_QUARKUS_DEVUI_VERSION=$(build-env sonataflowDevModeImage.sonataflowQuarkusDevUiVersion)"
+ "setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowDevModeImage.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowDevModeImage.account) KOGITO_IMAGE_NAME=$(build-env sonataflowDevModeImage.name) KOGITO_IMAGE_TAG=$(build-env sonataflowDevModeImage.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito) SONATAFLOW_QUARKUS_DEVUI_VERSION=$(build-env sonataflowDevModeImage.sonataflowQuarkusDevUiVersion)"
"devDependencies": {
"@kie-tools/image-builder": "workspace:*",
diff --git a/packages/sonataflow-image-common/README.md b/packages/sonataflow-image-common/README.md
index d6bf1235a9c..8a44393bcb6 100644
--- a/packages/sonataflow-image-common/README.md
+++ b/packages/sonataflow-image-common/README.md
@@ -43,6 +43,7 @@ To build and tests the images the package provides a convenient `Makefile` that
- `KOGITO_IMAGE_REGISTRY_ACCOUNT`: Image registry account to use, defaults to 'apache'
- `KOGITO_IMAGE_TAG`: Custom tag for the image. If not provided it will use the version in the image descriptor.
+- `QUARKUS_PLATFORM_GROUPID`: (required) Quarkus platform groupdId to use inside the image.
- `QUARKUS_PLATFORM_VERSION`: (required) Quarkus platform version to use inside the image.
- `KOGITO_VERSION`: (required) Kogito platform version to use inside the image.
diff --git a/packages/sonataflow-image-common/env/index.js b/packages/sonataflow-image-common/env/index.js
index 61bc742bd66..90987933577 100644
--- a/packages/sonataflow-image-common/env/index.js
+++ b/packages/sonataflow-image-common/env/index.js
@@ -17,11 +17,20 @@
* under the License.
-const { varsWithName, composeEnv } = require("@kie-tools-scripts/build-env");
+const { varsWithName, getOrDefault, composeEnv } = require("@kie-tools-scripts/build-env");
module.exports = composeEnv([require("@kie-tools/root-env/env")], {
- vars: varsWithName({}),
+ vars: varsWithName({
+ default: "io.quarkus.platform",
+ description: "Quarkus platform group id.",
+ },
+ }),
get env() {
- return {};
+ return {
+ kogitoImagesCekitModules: {
+ quarkusGroupId: getOrDefault(this.vars.KOGITO_IMAGES_CEKIT_MODULES__quarkusGroupId),
+ },
+ };
diff --git a/packages/sonataflow-image-common/resources/Makefile b/packages/sonataflow-image-common/resources/Makefile
index 7f72573fb18..7cd4147877c 100644
--- a/packages/sonataflow-image-common/resources/Makefile
+++ b/packages/sonataflow-image-common/resources/Makefile
@@ -41,6 +41,9 @@ endif
# Check if there are Quarkus and Kogito version envs
+ $(error Cannot build image, please provide a valid Quarkus groupId using the QUARKUS_PLATFORM_GROUPID env)
$(error Cannot build image, please provide a valid Quarkus version using the QUARKUS_PLATFORM_VERSION env)
@@ -51,9 +54,9 @@ endif
# Upgrade Quarkus & Kogito versions in the images and modules
- python3 scripts/versions_manager.py --quarkus-version ${QUARKUS_PLATFORM_VERSION} --kogito-version ${KOGITO_VERSION} --sonataflow-quarkus-devui-version ${SONATAFLOW_QUARKUS_DEVUI_VERSION}
+ python3 scripts/versions_manager.py --quarkus-groupid ${QUARKUS_PLATFORM_GROUPID} --quarkus-version ${QUARKUS_PLATFORM_VERSION} --kogito-version ${KOGITO_VERSION} --sonataflow-quarkus-devui-version ${SONATAFLOW_QUARKUS_DEVUI_VERSION}
- python3 scripts/versions_manager.py --quarkus-version ${QUARKUS_PLATFORM_VERSION} --kogito-version ${KOGITO_VERSION}
+ python3 scripts/versions_manager.py --quarkus-groupid ${QUARKUS_PLATFORM_GROUPID} --quarkus-version ${QUARKUS_PLATFORM_VERSION} --kogito-version ${KOGITO_VERSION}
_fix_platform_versions: _check_versions _run_version_manager
diff --git a/packages/sonataflow-image-common/resources/modules/kogito-project-versions/module.yaml b/packages/sonataflow-image-common/resources/modules/kogito-project-versions/module.yaml
index b710330fb63..61896281975 100644
--- a/packages/sonataflow-image-common/resources/modules/kogito-project-versions/module.yaml
+++ b/packages/sonataflow-image-common/resources/modules/kogito-project-versions/module.yaml
@@ -25,6 +25,9 @@ envs:
description: Defines the Kogito version to be used by the builder images. Not intended to be changed by end user.
+ value: "### SET ME DURING BUILD PROCESS ###"
+ description: Defines the Quarkus Platform groupId to be used by the builder images. Not intended to be changed by end user.
description: Defines the Quarkus Platform version to be used by the builder images. Not intended to be changed by end user.
diff --git a/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/add-extension.sh b/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/add-extension.sh
index dc4ab3e7928..fcddc18727b 100755
--- a/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/add-extension.sh
+++ b/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/add-extension.sh
@@ -47,4 +47,4 @@ fi
-DplatformVersion="${QUARKUS_PLATFORM_VERSION}" \
-Dextensions="${extensions}" \
- io.quarkus.platform:quarkus-maven-plugin:"${QUARKUS_PLATFORM_VERSION}":add-extension
+ "${QUARKUS_PLATFORM_GROUPID}":quarkus-maven-plugin:"${QUARKUS_PLATFORM_VERSION}":add-extension
diff --git a/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/create-app.sh b/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/create-app.sh
index 5dedc599f2d..b29179b2cef 100755
--- a/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/create-app.sh
+++ b/packages/sonataflow-image-common/resources/modules/sonataflow/common/scripts/added/create-app.sh
@@ -38,7 +38,7 @@ source "${script_dir_path}"/configure-jvm-mvn.sh
-nsu \
-B \
- io.quarkus.platform:quarkus-maven-plugin:"${QUARKUS_PLATFORM_VERSION}":create ${QUARKUS_CREATE_ARGS} \
-DprojectGroupId="${PROJECT_GROUP_ID}" \
-DprojectArtifactId="${PROJECT_ARTIFACT_ID}" \
-DprojectVersionId="${PROJECT_VERSION}" \
@@ -135,7 +135,7 @@ fi
-DskipTests=true \
-Dmaven.javadoc.skip=true \
- clean dependency:go-offline io.quarkus.platform:quarkus-maven-plugin:"${QUARKUS_PLATFORM_VERSION}":go-offline install
+ clean dependency:go-offline "${QUARKUS_PLATFORM_GROUPID}":quarkus-maven-plugin:"${QUARKUS_PLATFORM_VERSION}":go-offline install
# clean up
diff --git a/packages/sonataflow-image-common/resources/scripts/common.py b/packages/sonataflow-image-common/resources/scripts/common.py
index 35ce2c44462..aed15c274fd 100644
--- a/packages/sonataflow-image-common/resources/scripts/common.py
+++ b/packages/sonataflow-image-common/resources/scripts/common.py
@@ -11,6 +11,8 @@
KOGITO_VERSION_LABEL_NAME = "org.kie.kogito.version"
QUARKUS_PLATFORM_VERSION_LABEL_NAME = "io.quarkus.platform.version"
@@ -151,6 +153,14 @@ def update_kogito_platform_version(kogito_platform_version):
update_env_value(KOGITO_VERSION_ENV_KEY, kogito_platform_version)
update_label_value(KOGITO_VERSION_LABEL_NAME, kogito_platform_version)
+def update_quarkus_platform_groupid(quarkus_platform_groupid):
+ """
+ Update quarkus_platform_groupid into images/modules
+ :param quarkus_platform_groupid: quarkus groupid to set
+ """
+ print("Setting Quarkus groupid: " + quarkus_platform_groupid)
+ update_env_value(QUARKUS_PLATFORM_GROUPID_ENV_KEY, quarkus_platform_groupid)
def update_quarkus_platform_version(quarkus_platform_version):
Update quarkus_platform_version version into images/modules
diff --git a/packages/sonataflow-image-common/resources/scripts/versions_manager.py b/packages/sonataflow-image-common/resources/scripts/versions_manager.py
index d71f18a8917..adea4df7571 100644
--- a/packages/sonataflow-image-common/resources/scripts/versions_manager.py
+++ b/packages/sonataflow-image-common/resources/scripts/versions_manager.py
@@ -33,6 +33,7 @@
parser = argparse.ArgumentParser(description='Kie Tools - SWF Image Version Manager')
parser.add_argument('--bump-to', dest='bump_to', help='Bump all images and yamls to the next version')
parser.add_argument('--source-folder', dest='source_folder')
+ parser.add_argument('--quarkus-groupid', dest='quarkus_groupid', help='Sets the image Quarkus groupId')
parser.add_argument('--quarkus-version', dest='quarkus_version', help='Sets the image Quarkus Version')
parser.add_argument('--kogito-version', dest='kogito_version', help='Sets the image Kogito Version')
parser.add_argument('--sonataflow-quarkus-devui-version', dest='sonataflow_quarkus_devui_version', help='Sets the image SonataFlow Quarkus DevUI Version', required=False)
@@ -46,6 +47,8 @@
common.update_image_and_modules_version(args.bump_to, args.source_folder)
if args.kogito_version is not None:
+ if args.quarkus_groupid is not None:
+ common.update_quarkus_platform_groupid(args.quarkus_groupid)
if args.quarkus_version is not None:
if args.sonataflow_quarkus_devui_version is not None:
diff --git a/packages/sonataflow-management-console-image/env/index.js b/packages/sonataflow-management-console-image/env/index.js
index 50f80317fdc..54010f1b7d4 100644
--- a/packages/sonataflow-management-console-image/env/index.js
+++ b/packages/sonataflow-management-console-image/env/index.js
@@ -20,14 +20,18 @@
const { varsWithName, composeEnv } = require("@kie-tools-scripts/build-env");
const rootEnv = require("@kie-tools/root-env/env");
+const sonataflowImageCommonEnv = require("@kie-tools/sonataflow-image-common/env");
-module.exports = composeEnv([rootEnv, require("@kie-tools/sonataflow-management-console-image-env/env")], {
- vars: varsWithName({}),
- get env() {
- return {
- sonataflowManagementConsoleImage: {
- version: require("../package.json").version,
- },
- };
- },
+module.exports = composeEnv(
+ [rootEnv, sonataflowImageCommonEnv, require("@kie-tools/sonataflow-management-console-image-env/env")],
+ {
+ vars: varsWithName({}),
+ get env() {
+ return {
+ sonataflowManagementConsoleImage: {
+ version: require("../package.json").version,
+ },
+ };
+ },
+ }
diff --git a/packages/sonataflow-management-console-image/package.json b/packages/sonataflow-management-console-image/package.json
index 04933271fc7..c2617e19429 100644
--- a/packages/sonataflow-management-console-image/package.json
+++ b/packages/sonataflow-management-console-image/package.json
@@ -28,7 +28,7 @@
"image:cekit:build:linux": "pnpm image:cekit:copy && pnpm image:cekit:setup:env make -C ./dist-dev build",
"image:cekit:build:win32:darwin": "echo \"Build skipped on macOS and Windows\"",
"image:cekit:copy": "cp -R ./node_modules/@kie-tools/sonataflow-image-common/resources/* ./dist-dev/ && cp -R resources/* ./dist-dev/",
- "image:cekit:setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowManagementConsoleImageEnv.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowManagementConsoleImageEnv.account) KOGITO_IMAGE_NAME=$(build-env sonataflowManagementConsoleImageEnv.name) KOGITO_IMAGE_TAG=$(build-env sonataflowManagementConsoleImageEnv.buildTag) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito) SONATAFLOW_MANAGEMENT_CONSOLE_PORT=$(build-env sonataflowManagementConsoleImageEnv.port)"
+ "image:cekit:setup:env": ". ./node_modules/@kie-tools/python-venv/venv/bin/activate && cross-env KOGITO_IMAGE_REGISTRY=$(build-env sonataflowManagementConsoleImageEnv.registry) KOGITO_IMAGE_REGISTRY_ACCOUNT=$(build-env sonataflowManagementConsoleImageEnv.account) KOGITO_IMAGE_NAME=$(build-env sonataflowManagementConsoleImageEnv.name) KOGITO_IMAGE_TAG=$(build-env sonataflowManagementConsoleImageEnv.buildTag) QUARKUS_PLATFORM_GROUPID=$(build-env kogitoImagesCekitModules.quarkusGroupId) QUARKUS_PLATFORM_VERSION=$(build-env versions.quarkus) KOGITO_VERSION=$(build-env versions.kogito) SONATAFLOW_MANAGEMENT_CONSOLE_PORT=$(build-env sonataflowManagementConsoleImageEnv.port)"
"devDependencies": {
"@kie-tools/image-env-to-json": "workspace:*",
diff --git a/packages/sonataflow-operator/.gitignore b/packages/sonataflow-operator/.gitignore
new file mode 100644
index 00000000000..51a59484021
--- /dev/null
+++ b/packages/sonataflow-operator/.gitignore
@@ -0,0 +1,40 @@
+# These files are generated by Cekit, we can ignore the operator-sdk ones.
+# Binaries for programs and plugins
+# Test binary, built with `go test -c`
+# Output of the go coverage tool, specifically when used with LiteIDE
+# Dependency directories (remove the comment below to include it)
+# vendor/
+## Auto-generated files
diff --git a/packages/sonataflow-operator/Makefile b/packages/sonataflow-operator/Makefile
index 6a6bb24435d..b1b274401a5 100644
--- a/packages/sonataflow-operator/Makefile
+++ b/packages/sonataflow-operator/Makefile
@@ -1,28 +1,10 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
# VERSION defines the project version for the bundle.
# Update this value when you upgrade the version of your project.
# To re-generate a bundle for another specific version without changing the standard setup, you can:
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.0.0
-IMAGE_TAG ?= main
+VERSION ?= $(shell pnpm build-env sonataFlowOperator.version)
+IMAGE_TAG ?= $(shell pnpm build-env sonataFlowOperator.buildTag)
# CHANNELS define the bundle channels used in the bundle.
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
# This variable is used to construct full image tags for bundle and catalog images.
# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
-# docker.io/apache/incubator-kie-sonataflow-operator-bundle:$VERSION and docker.io/apache/incubator-kie-sonataflow-operator-catalog:$VERSION.
-IMAGE_TAG_BASE ?= docker.io/apache/incubator-kie-sonataflow-operator
+# apache/sonataflow-operator-bundle:$VERSION and apache/sonataflow-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= $(shell pnpm build-env sonataFlowOperator.registry)/$(shell pnpm build-env sonataFlowOperator.account)/$(shell pnpm build-env sonataFlowOperator.name)
# BUNDLE_IMG defines the image:tag used for the bundle.
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:)
@@ -73,9 +55,9 @@ endif
# Image URL to use all building/pushing image targets
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
@@ -114,34 +96,64 @@ help: ## Display this help.
.PHONY: manifests
manifests: generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
- $(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true webhook paths="./api/..." paths="./controllers/..." output:crd:artifacts:config=config/crd/bases
+ @echo "📄 Generating WebhookConfiguration, ClusterRole, and CRD objects..."
+ @$(CONTROLLER_GEN) rbac:roleName=manager-role crd:allowDangerousTypes=true webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
.PHONY: generate
-generate: controller-gen fmt ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
- $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./api/..." paths="./container-builder/api/..."
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+ @echo "🔄 Generating DeepCopy methods for APIs..."
+ @$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./api/..." paths="./container-builder/api/..." > /dev/null 2>&1
.PHONY: fmt
fmt: ## Run go fmt against code.
- ./hack/goimports.sh
- go work sync
- go mod tidy
- go fmt ./...
+ @echo "🧹 Running go fmt and goimports..."
+ @./hack/goimports.sh > /dev/null 2>&1
+ @go work sync > /dev/null 2>&1
+ @go mod tidy > /dev/null 2>&1
+ @go fmt ./... > /dev/null 2>&1
.PHONY: vet
vet: ## Run go vet against code.
- go vet ./...
+ @echo "🔍 Running go vet..."
+ @go vet ./...
.PHONY: test
-test: manifests generate envtest addheaders vet fmt test-api test-workflowproj test-container-builder ## Run tests.
- KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(shell go list ./... | grep -v /test/) -coverprofile cover.out
+test: manifests generate test-api ## Run tests.
+ @$(MAKE) addheaders
+ @$(MAKE) vet
+ @$(MAKE) fmt
+ @echo "🔍 Running controller tests..."
+ go test $(shell go list ./... | grep -v /test/) -coverprofile cover.out
+ @echo "✅ Tests completed successfully. Coverage report generated: cover.out."
.PHONY: test-api
- cd api && make test
+ @echo "🔄 Running API tests..."
+ @cd api && make test > /dev/null 2>&1
+ @echo "✅ API tests completed successfully."
+.PHONY: lint
+lint: golangci-lint ## Run golangci-lint linter
+.PHONY: lint-fix
+lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
+ $(GOLANGCI_LINT) run --fix
# Test proxy commands
+.PHONY: run-tests
+run-tests: generate-all
+ @(cd $(TEST_DIR) && $(MAKE) $@)
+.PHONY: run-smoke-tests
+run-smoke-tests: generate-all
+ @(cd $(TEST_DIR) && $(MAKE) $@)
.PHONY: test-container-builder
cd container-builder && make test
@@ -153,16 +165,16 @@ test-workflowproj:
##@ Build
.PHONY: build
-build: generate-all ## Build manager binary.
- CGO_ENABLED=0 go build -trimpath -ldflags=-buildid= -o bin/manager main.go
+build: ## Build manager binary.
+ CGO_ENABLED=0 go build -trimpath -ldflags=-buildid= -o bin/manager cmd/main.go
.PHONY: build-4-debug
build-4-debug: generate ## Build manager binary with debug options.
- go build -gcflags="all=-N -l" -o bin/manager main.go
+ go build -gcflags="all=-N -l" -o bin/manager cmd/main.go
.PHONY: run
run: manifests generate ## Run a controller from your host.
- go run ./main.go
+ go run ./cmd/main.go -v=2 -controller-cfg-path=$(CURDIR)/config/manager/controllers_cfg.yaml
.PHONY: debug
debug: build-4-debug ## Run a controller from your host from binary
@@ -182,16 +194,15 @@ docker-buildx: generate ## Build and push docker image for the manager for cross
sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
- docker buildx create --name project-v3-builder
docker buildx use project-v3-builder
- - docker buildx build --build-arg SOURCE_DATE_EPOCH=$(shell git log -1 --pretty=%ct) --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross
+ - docker buildx build --build-arg SOURCE_DATE_EPOCH=$(shell git log -1 --pretty=%ct) --push . --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross
- docker buildx rm project-v3-builder
rm Dockerfile.cross
.PHONY: container-build
container-build: ## Build the container image
- cekit -v --descriptor images/manager.yaml build ${build_options} $(BUILDER) --build-arg SOURCE_DATE_EPOCH="$(shell git log -1 --pretty=%ct)" --tag ${IMG} --tag $(IMAGE_TAG_BASE):$(VERSION)
+ cekit -v --descriptor images/manager.yaml build ${build_options} $(BUILDER) --build-arg SOURCE_DATE_EPOCH="$(shell git log -1 --pretty=%ct)"
ifneq ($(ignore_tag),true)
- $(BUILDER) tag ${IMG} sonataflow-operator:$(IMAGE_TAG)
- $(BUILDER) tag ${IMG} sonataflow-operator:$(VERSION)
+ $(BUILDER) tag sonataflow-operator:latest ${IMG}
.PHONY: container-push
@@ -219,8 +230,11 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
.PHONY: generate-deploy
generate-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
- cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
- $(KUSTOMIZE) build config/default > operator.yaml
+ @echo "🚀 Updating controller image to ${IMG}..."
+ @cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} > /dev/null 2>&1
+ @echo "📄 Building deployment YAML..."
+ @$(KUSTOMIZE) build config/default > operator.yaml
.PHONY: undeploy
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
@@ -231,46 +245,85 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
## Location to install dependencies to
LOCALBIN ?= $(shell pwd)/bin
- mkdir -p -m 777 $(LOCALBIN)
+ mkdir -p $(LOCALBIN)
## Tool Binaries
-KUSTOMIZE ?= $(LOCALBIN)/kustomize
+KUBECTL ?= kubectl
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
-ENVTEST ?= $(LOCALBIN)/setup-envtest
## Tool Versions
+ENVTEST_VERSION ?= release-0.18
KIND_VERSION ?= v0.20.0
+KNATIVE_SERVING_PREFIX ?= "https://github.com/knative/serving/releases/download/knative-$(KNATIVE_VERSION)"
+KNATIVE_EVENTING_PREFIX ?= "https://github.com/knative/eventing/releases/download/knative-$(KNATIVE_VERSION)"
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
.PHONY: kustomize
kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
- test -s $(LOCALBIN)/kustomize || GO111MODULE=on GOBIN=$(LOCALBIN) go install -modcacherw sigs.k8s.io/kustomize/kustomize/v4@$(KUSTOMIZE_VERSION)
+ $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION))
.PHONY: controller-gen
controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
- test -s $(LOCALBIN)/controller-gen || GOBIN=$(LOCALBIN) go install -modcacherw sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+ @echo "⬇️ Ensuring controller-gen is installed..."
+ @test -s $(CONTROLLER_GEN) || (GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) > /dev/null 2>&1 && echo "✅ controller-gen installed successfully!")
+ @mkdir -p $(LOCALBIN) # Ensure LOCALBIN exists
.PHONY: envtest
-envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
- test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install -modcacherw sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+ $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+ $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION})
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary (ideally with version)
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
.PHONY: bundle
bundle: manifests kustomize install-operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
- operator-sdk generate kustomize manifests -q
- cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
- $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS)
- operator-sdk bundle validate ./bundle
+ @echo "📦 Generating bundle manifests and metadata..."
+ @operator-sdk generate kustomize manifests -q > /dev/null 2>&1
+ @echo "🔧 Setting controller image in Kustomize..."
+ @cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) > /dev/null 2>&1
+ @echo "🔨 Building Kustomize and generating bundle..."
+ @$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS) > /dev/null 2>&1
+ @echo "🛠️ Validating generated bundle..."
+ @operator-sdk bundle validate ./bundle > /dev/null 2>&1
.PHONY: bundle-build
bundle-build: ## Build the bundle image
cekit -v --descriptor images/bundle.yaml build ${build_options} $(BUILDER) --no-squash --build-arg SOURCE_DATE_EPOCH="$(shell git log -1 --pretty=%ct)"
ifneq ($(ignore_tag),true)
- $(BUILDER) tag sonataflow-operator-bundle:$(IMAGE_TAG) $(BUNDLE_IMG)
+ $(BUILDER) tag sonataflow-operator-bundle:latest $(BUNDLE_IMG)
.PHONY: bundle-push
@@ -306,12 +359,16 @@ ifneq ($(origin CATALOG_BASE_IMG), undefined)
+PLATFORM ?= linux/amd64
# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
.PHONY: catalog-build
catalog-build: opm ## Build a catalog image.
- $(OPM) index add --container-tool $(BUILDER) --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+ $(OPM) index add --container-tool $(BUILDER) --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) --generate -d ./index.Dockerfile
+ $(BUILDER) build --platform $(PLATFORM) -f ./index.Dockerfile -t $(CATALOG_IMG) .
+ rm ./index.Dockerfile
# Push the catalog image.
.PHONY: catalog-push
@@ -324,55 +381,106 @@ clean:
.PHONY: bump-version
new_version = ""
-snapshot = ""
- ./hack/bump-version.sh $(new_version) $(snapshot)
+ ./hack/bump-version.sh $(new_version)
+.PHONY: install-operator-sdk
- ./hack/ci/install-operator-sdk.sh
+ @echo "📦 Installing Operator SDK..."
+ @./hack/install-operator-sdk.sh > /dev/null 2>&1
- ./hack/align-osl-config.sh
.PHONY: addheaders
- ./hack/addheaders.sh
+ @echo "📝 Adding headers to files..."
+ @./hack/addheaders.sh > /dev/null 2>&1
.PHONY: generate-all
-generate-all: generate generate-deploy bundle addheaders vet fmt
+generate-all: generate generate-deploy bundle
+ @$(MAKE) addheaders
+ @$(MAKE) vet
+ @$(MAKE) fmt
-.PHONY: test-e2e # You will need to have a Minikube/Kind cluster up in running to run this target, and run container-builder before the test
+.PHONY: test-e2e # You will need to have a Minikube/Kind cluster up and running to run this target, and run container-builder before the test
+label = "flows-ephemeral" # possible values are flows-ephemeral, flows-persistence, flows-monitoring, platform, cluster
- go test ./test/e2e/* -v -ginkgo.v -ginkgo.no-color -ginkgo.junit-report=./dist-tests-e2e/junit-report-it.xml -timeout 60m
+ifeq ($(label), cluster)
+ @echo "🌐 Running e2e tests for cluster..."
+ go test ./test/e2e/e2e_suite_test.go ./test/e2e/helpers.go ./test/e2e/clusterplatform_test.go \
+ -v -ginkgo.v -ginkgo.no-color -ginkgo.github-output -ginkgo.label-filter=$(label) \
+ -ginkgo.junit-report=./e2e-test-report-clusterplatform_test.xml -timeout 60m KUSTOMIZE=$(KUSTOMIZE);
+else ifeq ($(label), platform)
+ @echo "📦 Running e2e tests for platform..."
+ go test ./test/e2e/e2e_suite_test.go ./test/e2e/helpers.go ./test/e2e/platform_test.go \
+ -v -ginkgo.v -ginkgo.no-color -ginkgo.github-output -ginkgo.label-filter=$(label) \
+ -ginkgo.junit-report=./e2e-test-report-platform_test.xml -timeout 60m KUSTOMIZE=$(KUSTOMIZE);
+else ifeq ($(label), flows-ephemeral)
+ @echo "🔄 Running e2e tests for flows-ephemeral..."
+ go test ./test/e2e/e2e_suite_test.go ./test/e2e/helpers.go ./test/e2e/workflow_test.go \
+ -v -ginkgo.v -ginkgo.no-color -ginkgo.github-output -ginkgo.label-filter=$(label) \
+ -ginkgo.junit-report=./e2e-test-report-workflow_test.xml -timeout 60m KUSTOMIZE=$(KUSTOMIZE);
+else ifeq ($(label), flows-persistence)
+ @echo "🔁 Running e2e tests for flows-persistence..."
+ go test ./test/e2e/e2e_suite_test.go ./test/e2e/helpers.go ./test/e2e/workflow_test.go \
+ -v -ginkgo.v -ginkgo.no-color -ginkgo.github-output -ginkgo.label-filter=$(label) \
+ -ginkgo.junit-report=./e2e-test-report-workflow_test.xml -timeout 60m KUSTOMIZE=$(KUSTOMIZE);
+else ifeq ($(label), flows-monitoring)
+ @echo "🔁 Running e2e tests for flows-monitoring..."
+ go test ./test/e2e/e2e_suite_test.go ./test/e2e/helpers.go ./test/e2e/workflow_test.go \
+ -v -ginkgo.v -ginkgo.no-color -ginkgo.github-output -ginkgo.label-filter=$(label) \
+ -ginkgo.junit-report=./e2e-test-report-workflow_test.xml -timeout 60m KUSTOMIZE=$(KUSTOMIZE);
+ @echo "❌ Invalid label. Please use one of: cluster, platform, flows-ephemeral, flows-persistence, flows-monitoring"
+.PHONY: full-test-e2e
+full-test-e2e: create-cluster load-docker-image deploy deploy-knative deploy-prometheus
+ sleep 30
+ kubectl wait pod -A -l control-plane=sonataflow-operator --for condition=Ready --timeout 120s
+ @$(MAKE) test-e2e label=platform
+ @$(MAKE) test-e2e label=cluster
+ @$(MAKE) test-e2e label=flows-monitoring
+ @$(MAKE) test-e2e label=flows-persistence
+ @$(MAKE) test-e2e label=flows-ephemeral
.PHONY: before-pr
-before-pr: test generate-all
+before-pr: generate-all test ## Run generate-all before executing tests.
+ @echo "✅ Your working branch is done."
+.PHONY: load-docker-image
+load-docker-image: install-kind
+ kind load docker-image $(IMG)
+ kind load docker-image docker.io/apache/incubator-kie-sonataflow-builder:main
+ kind load docker-image docker.io/apache/incubator-kie-sonataflow-devmode:main
.PHONY: install-kind
- command -v kind >/dev/null || go install -modcacherw sigs.k8s.io/kind@$(KIND_VERSION)
+ command -v kind >/dev/null || go install sigs.k8s.io/kind@$(KIND_VERSION)
.PHONY: create-cluster
create-cluster: install-kind
- kind get clusters | grep kind >/dev/null || ./hack/ci/create-kind-cluster-with-registry.sh
+ kind get clusters | grep kind >/dev/null || ./hack/create-kind-cluster-with-registry.sh $(BUILDER)
+.PHONY: deploy-knative
+ kubectl apply -f https://github.com/knative/operator/releases/download/knative-$(KNATIVE_VERSION)/operator.yaml
+ kubectl wait --for=condition=Available=True deploy/knative-operator -n default --timeout=$(TIMEOUT_SECS)
+ kubectl apply -f ./test/testdata/knative_serving_eventing.yaml
+ kubectl wait --for=condition=Ready=True KnativeServing/knative-serving -n knative-serving --timeout=$(TIMEOUT_SECS)
+ kubectl wait --for=condition=Ready=True KnativeEventing/knative-eventing -n knative-eventing --timeout=$(TIMEOUT_SECS)
+.PHONY: deploy-prometheus
+deploy-prometheus: create-cluster
+ kubectl create -f https://github.com/prometheus-operator/prometheus-operator/releases/download/$(PROMETHEUS_VERSION)/bundle.yaml
+ kubectl wait --for=condition=Available=True deploy/prometheus-operator -n default --timeout=$(TIMEOUT_SECS)
+ kubectl apply -f ./test/testdata/prometheus.yaml -n default
+ kubectl wait --for=condition=Available=True prometheus/prometheus -n default --timeout=$(TIMEOUT_SECS)
+.PHONY: deploy-grafana
+deploy-grafana: create-cluster
+ kubectl create -f https://github.com/grafana/grafana-operator/releases/download/$(GRAFANA_VERSION)/kustomize-cluster_scoped.yaml
+ kubectl wait --for=condition=Available=True deploy/grafana-operator-controller-manager -n grafana --timeout=$(TIMEOUT_SECS)
.PHONY: delete-cluster
delete-cluster: install-kind
- kind delete cluster && docker rm -f kind-registry
-.PHONY: load-docker-image
-load-docker-image: install-kind
- kind load docker-image $(IMG)
- kind load docker-image docker.io/apache/incubator-kie-sonataflow-builder:main
- kind load docker-image docker.io/apache/incubator-kie-sonataflow-devmode:main
-# docker tag docker.io/apache/incubator-kie-sonataflow-builder:main localhost:5001/apache/incubator-kie-sonataflow-builder:main
-# docker tag docker.io/apache/incubator-kie-sonataflow-devmode:main localhost:5001/apache/incubator-kie-sonataflow-devmode:main
-# docker push localhost:5001/apache/incubator-kie-sonataflow-builder:main
-# docker push localhost:5001/apache/incubator-kie-sonataflow-devmode:main
-.PHONY: full-test-e2e
-full-test-e2e: create-cluster load-docker-image deploy
- sleep 60
- kubectl wait pod -A -l control-plane=sonataflow-operator --for condition=Ready --timeout 120s
- go test ./test/e2e/* -v -ginkgo.v -ginkgo.no-color -ginkgo.junit-report=./dist-tests-e2e/junit-report-it.xml -timeout 60m
+ kind delete cluster && $(BUILDER) rm -f kind-registry
diff --git a/packages/sonataflow-operator/PROJECT b/packages/sonataflow-operator/PROJECT
index 860274751c9..64657083fb2 100644
--- a/packages/sonataflow-operator/PROJECT
+++ b/packages/sonataflow-operator/PROJECT
@@ -1,6 +1,6 @@
domain: org
-- go.kubebuilder.io/v3
+- go.kubebuilder.io/v4
manifests.sdk.operatorframework.io/v2: {}
scorecard.sdk.operatorframework.io/v2: {}
diff --git a/packages/sonataflow-operator/api/Makefile b/packages/sonataflow-operator/api/Makefile
index 6f72fad5e6c..00c73d81848 100644
--- a/packages/sonataflow-operator/api/Makefile
+++ b/packages/sonataflow-operator/api/Makefile
@@ -1,20 +1,3 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
.PHONY: test
go test $(shell go list ./... | grep -v /test/) -coverprofile cover.out
diff --git a/packages/sonataflow-operator/api/go.mod b/packages/sonataflow-operator/api/go.mod
index 148022c1ebb..cbe39a73775 100644
--- a/packages/sonataflow-operator/api/go.mod
+++ b/packages/sonataflow-operator/api/go.mod
@@ -1,79 +1,75 @@
module github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api
-go 1.21
+go 1.22.0
require (
- github.com/serverlessworkflow/sdk-go/v2 v2.2.5
- k8s.io/api v0.27.6
- k8s.io/apimachinery v0.27.6
+ github.com/serverlessworkflow/sdk-go/v2 v2.4.2
+ k8s.io/api v0.31.1
+ k8s.io/apimachinery v0.31.1
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
- sigs.k8s.io/controller-runtime v0.15.0
- sigs.k8s.io/yaml v1.3.0
+ sigs.k8s.io/controller-runtime v0.19.0
+ sigs.k8s.io/yaml v1.4.0
require (
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+ github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
- github.com/evanphx/json-patch/v5 v5.7.0 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
+ github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
- github.com/go-playground/locales v0.14.0 // indirect
- github.com/go-playground/universal-translator v0.18.0 // indirect
- github.com/go-playground/validator/v10 v10.11.1 // indirect
+ github.com/go-playground/locales v0.14.1 // indirect
+ github.com/go-playground/universal-translator v0.18.1 // indirect
+ github.com/go-playground/validator/v10 v10.22.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/gnostic v0.6.9 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect
- github.com/google/uuid v1.3.1 // indirect
+ github.com/google/uuid v1.6.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
- github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/leodido/go-urn v1.4.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/onsi/ginkgo/v2 v2.13.0 // indirect
- github.com/onsi/gomega v1.30.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
- github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.17.0 // indirect
- github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.11.1 // indirect
- github.com/relvacode/iso8601 v1.3.0 // indirect
- github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/relvacode/iso8601 v1.4.0 // indirect
+ github.com/sosodev/duration v1.3.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.21.0 // indirect
- golang.org/x/net v0.23.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sys v0.18.0 // indirect
- golang.org/x/term v0.18.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- golang.org/x/time v0.3.0 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
+ golang.org/x/crypto v0.28.0 // indirect
+ golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 // indirect
+ golang.org/x/net v0.28.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.27.6 // indirect
- k8s.io/client-go v0.27.6 // indirect
- k8s.io/component-base v0.27.6 // indirect
- k8s.io/klog/v2 v2.100.1 // indirect
- k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 // indirect
- k8s.io/utils v0.0.0-20230711102312-30195339c3c7 // indirect
+ k8s.io/apiextensions-apiserver v0.31.0 // indirect
+ k8s.io/client-go v0.31.1 // indirect
+ k8s.io/klog/v2 v2.130.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
diff --git a/packages/sonataflow-operator/api/go.sum b/packages/sonataflow-operator/api/go.sum
index b4acbbd1bac..9a2114f3fd1 100644
--- a/packages/sonataflow-operator/api/go.sum
+++ b/packages/sonataflow-operator/api/go.sum
@@ -1,116 +1,65 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -118,188 +67,101 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/relvacode/iso8601 v1.3.0 h1:HguUjsGpIMh/zsTczGN3DVJFxTU/GX+MMmzcKoMO7ko=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 h1:Dz0HrI1AtNSGCE8LXLLqoZU4iuOJXPWndenCsZfstA8=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46/go.mod h1:is8FVkzSi7PYLWEXT5MgWhglFsyyiW8ffxAoJqfuFZo=
-github.com/serverlessworkflow/sdk-go/v2 v2.2.5 h1:/TFqBBni0hDpTA0bKadGTWbyBRiQ0o2ppz2ScY6DdTM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/relvacode/iso8601 v1.4.0 h1:GsInVSEJfkYuirYFxa80nMLbH2aydgZpIf52gYZXUJs=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/serverlessworkflow/sdk-go/v2 v2.4.2 h1:dqRa/i5J885rk0bGIXzUVLwEFfRWB9gpQfOdXlbejsI=
+github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.27.6 h1:PBWu/lywJe2qQcshMjubzcBg7+XDZOo7O8JJAWuYtUo=
-k8s.io/apiextensions-apiserver v0.27.6 h1:mOwSBJtThZhpJr+8gEkc3wFDIjq87E3JspR5mtZxIg8=
-k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE=
-k8s.io/client-go v0.27.6 h1:vzI8804gpUtpMCNaFjIFyJrifH7u//LJCJPy8fQuYQg=
-k8s.io/component-base v0.27.6 h1:hF5WxX7Tpi9/dXAbLjPVkIA6CA6Pi6r9JOHyo0uCDYI=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 h1:OmK1d0WrkD3IPfkskvroRykOulHVHf0s0ZIFRjyt+UI=
-k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c h1:xyPoEToTWeBdn6tinhLxXfnhJhTNQt5WzHiTNiFphRw=
-sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
-sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/packages/sonataflow-operator/api/metadata/annotations.go b/packages/sonataflow-operator/api/metadata/annotations.go
index a0980ab94a2..f17897ede86 100644
--- a/packages/sonataflow-operator/api/metadata/annotations.go
+++ b/packages/sonataflow-operator/api/metadata/annotations.go
@@ -73,3 +73,36 @@ const (
// Ideally used in production use cases
GitOpsProfile ProfileType = "gitops"
+const (
+ DefaultProfile = PreviewProfile
+// deprecated prod profile is deprecate and not supported, use preview profile
+var supportedProfiles = map[ProfileType]ProfileType{DevProfile: DevProfile, PreviewProfile: PreviewProfile, GitOpsProfile: GitOpsProfile}
+func GetProfileOrDefault(annotation map[string]string) ProfileType {
+ if annotation == nil {
+ return DefaultProfile
+ }
+ if profile, ok := supportedProfiles[ProfileType(annotation[Profile])]; !ok {
+ return DefaultProfile
+ } else {
+ return profile
+ }
+func (p ProfileType) isValidProfile() bool {
+ _, ok := supportedProfiles[p]
+ return ok
+func IsDevProfile(annotation map[string]string) bool {
+ if annotation == nil {
+ return false
+ }
+ if len(annotation[Profile]) == 0 {
+ return false
+ }
+ return ProfileType(annotation[Profile]) == DevProfile
diff --git a/packages/sonataflow-operator/api/metadata/annotations_test.go b/packages/sonataflow-operator/api/metadata/annotations_test.go
new file mode 100644
index 00000000000..d87cefe8916
--- /dev/null
+++ b/packages/sonataflow-operator/api/metadata/annotations_test.go
@@ -0,0 +1,62 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package metadata
+import (
+ "testing"
+func TestGetProfile(t *testing.T) {
+ type args struct {
+ annotation map[string]string
+ }
+ tests := []struct {
+ name string
+ args args
+ want ProfileType
+ }{
+ {"Empty Annotations", args{annotation: nil}, DefaultProfile},
+ {"Non-existent Profile", args{annotation: map[string]string{Profile: "IDontExist"}}, DefaultProfile},
+ {"Regular Annotation", args{annotation: map[string]string{Profile: GitOpsProfile.String()}}, GitOpsProfile},
+ {"Deprecated Annotation", args{annotation: map[string]string{Profile: ProdProfile.String()}}, DefaultProfile},
+ {"Dev Annotation", args{annotation: map[string]string{Profile: DevProfile.String()}}, DevProfile},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := GetProfileOrDefault(tt.args.annotation); got != tt.want {
+ t.Errorf("GetProfileOrDefault() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+func TestIsValidProfile(t *testing.T) {
+ profiles := []ProfileType{DefaultProfile, GitOpsProfile, DevProfile}
+ for _, profile := range profiles {
+ if !profile.isValidProfile() {
+ t.Errorf("Profile %s is not valid", profile)
+ }
+ }
+ if ProdProfile.isValidProfile() {
+ t.Errorf("ProdProfile is deprecated and should not be valid")
+ }
+ // any random string should not be a valid profile
+ if ProfileType("random").isValidProfile() {
+ t.Errorf("random is not a valid profile")
+ }
diff --git a/packages/sonataflow-operator/api/v1alpha08/podtemplate_types.go b/packages/sonataflow-operator/api/v1alpha08/podtemplate_types.go
new file mode 100644
index 00000000000..99e7f9335e3
--- /dev/null
+++ b/packages/sonataflow-operator/api/v1alpha08/podtemplate_types.go
@@ -0,0 +1,548 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package v1alpha08
+import corev1 "k8s.io/api/core/v1"
+// ContainerSpec is the container for the internal deployments based on the default Kubernetes Container API
+type ContainerSpec struct {
+ // Container image name.
+ // More info: https://kubernetes.io/docs/concepts/containers/images
+ // This field is optional to allow higher level config management to default or override
+ // container images in workload controllers like Deployments and StatefulSets.
+ // +optional
+ Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`
+ // Entrypoint array. Not executed within a shell.
+ // The container image's ENTRYPOINT is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Command []string `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
+ // Arguments to the entrypoint.
+ // The container image's CMD is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Args []string `json:"args,omitempty" protobuf:"bytes,4,rep,name=args"`
+ // List of ports to expose from the container. Not specifying a port here
+ // DOES NOT prevent that port from being exposed. Any port which is
+ // listening on the default "" address inside a container will be
+ // accessible from the network.
+ // Modifying this array with strategic merge patch may corrupt the data.
+ // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=containerPort
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=containerPort
+ // +listMapKey=protocol
+ Ports []corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
+ // List of sources to populate environment variables in the container.
+ // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ // will be reported as an event when the container is starting. When a key exists in multiple
+ // sources, the value associated with the last source will take precedence.
+ // Values defined by an Env with a duplicate key will take precedence.
+ // Cannot be updated.
+ // +optional
+ EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty" protobuf:"bytes,19,rep,name=envFrom"`
+ // List of environment variables to set in the container.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
+ // Compute Resources required by this container.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ // +optional
+ Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`
+ // Resources resize policy for the container.
+ // +featureGate=InPlacePodVerticalScaling
+ // +optional
+ // +listType=atomic
+ ResizePolicy []corev1.ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+ // Pod volumes to mount into the container's filesystem.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=mountPath
+ // +patchStrategy=merge
+ VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"`
+ // volumeDevices is the list of block devices to be used by the container.
+ // +patchMergeKey=devicePath
+ // +patchStrategy=merge
+ // +optional
+ VolumeDevices []corev1.VolumeDevice `json:"volumeDevices,omitempty" patchStrategy:"merge" patchMergeKey:"devicePath" protobuf:"bytes,21,rep,name=volumeDevices"`
+ // Periodic probe of container liveness.
+ // Container will be restarted if the probe fails.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty" protobuf:"bytes,10,opt,name=livenessProbe"`
+ // Periodic probe of container service readiness.
+ // Container will be removed from service endpoints if the probe fails.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty" protobuf:"bytes,11,opt,name=readinessProbe"`
+ // StartupProbe indicates that the Pod has successfully initialized.
+ // If specified, no other probes are executed until this completes successfully.
+ // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ // when it might take a long time to load data or warm a cache, than during steady-state operation.
+ // This cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ StartupProbe *corev1.Probe `json:"startupProbe,omitempty" protobuf:"bytes,22,opt,name=startupProbe"`
+ // Actions that the management system should take in response to container lifecycle events.
+ // Cannot be updated.
+ // +optional
+ Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty" protobuf:"bytes,12,opt,name=lifecycle"`
+ // Optional: Path at which the file to which the container's termination message
+ // will be written is mounted into the container's filesystem.
+ // Message written is intended to be brief final status, such as an assertion failure message.
+ // Will be truncated by the node if greater than 4096 bytes. The total message length across
+ // all containers will be limited to 12kb.
+ // Defaults to /dev/termination-log.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePath string `json:"terminationMessagePath,omitempty" protobuf:"bytes,13,opt,name=terminationMessagePath"`
+ // Indicate how the termination message should be populated. File will use the contents of
+ // terminationMessagePath to populate the container status message on both success and failure.
+ // FallbackToLogsOnError will use the last chunk of container log output if the termination
+ // message file is empty and the container exited with an error.
+ // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ // Defaults to File.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePolicy corev1.TerminationMessagePolicy `json:"terminationMessagePolicy,omitempty" protobuf:"bytes,20,opt,name=terminationMessagePolicy,casttype=TerminationMessagePolicy"`
+ // Image pull policy.
+ // One of Always, Never, IfNotPresent.
+ // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ // +optional
+ ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`
+ // SecurityContext defines the security options the container should be run with.
+ // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ // +optional
+ SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
+ // Variables for interactive containers, these have very specialized use-cases (e.g. debugging)
+ // and shouldn't be used for general purpose containers.
+ // Whether this container should allocate a buffer for stdin in the container runtime. If this
+ // is not set, reads from stdin in the container will always result in EOF.
+ // Default is false.
+ // +optional
+ Stdin bool `json:"stdin,omitempty" protobuf:"varint,16,opt,name=stdin"`
+ // Whether the container runtime should close the stdin channel after it has been opened by
+ // a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ // at which time stdin is closed and remains closed until the container is restarted. If this
+ // flag is false, a container processes that reads from stdin will never receive an EOF.
+ // Default is false
+ // +optional
+ StdinOnce bool `json:"stdinOnce,omitempty" protobuf:"varint,17,opt,name=stdinOnce"`
+ // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ // Default is false.
+ // +optional
+ TTY bool `json:"tty,omitempty" protobuf:"varint,18,opt,name=tty"`
+// ToContainer converts to Kubernetes Container API.
+func (f *ContainerSpec) ToContainer() corev1.Container {
+ return corev1.Container{
+ Name: DefaultContainerName,
+ Image: f.Image,
+ Command: f.Command,
+ Args: f.Args,
+ Ports: f.Ports,
+ EnvFrom: f.EnvFrom,
+ Env: f.Env,
+ Resources: f.Resources,
+ ResizePolicy: f.ResizePolicy,
+ VolumeMounts: f.VolumeMounts,
+ VolumeDevices: f.VolumeDevices,
+ LivenessProbe: f.LivenessProbe,
+ ReadinessProbe: f.ReadinessProbe,
+ StartupProbe: f.StartupProbe,
+ Lifecycle: f.Lifecycle,
+ TerminationMessagePath: f.TerminationMessagePath,
+ TerminationMessagePolicy: f.TerminationMessagePolicy,
+ ImagePullPolicy: f.ImagePullPolicy,
+ SecurityContext: f.SecurityContext,
+ Stdin: f.Stdin,
+ StdinOnce: f.StdinOnce,
+ TTY: f.TTY,
+ }
+// PodSpec describes the PodSpec for the internal deployments based on the default Kubernetes PodSpec API
+type PodSpec struct {
+ // List of volumes that can be mounted by containers belonging to the pod.
+ // More info: https://kubernetes.io/docs/concepts/storage/volumes
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
+ // List of initialization containers belonging to the pod.
+ // Init containers are executed in order prior to containers being started. If any
+ // init container fails, the pod is considered to have failed and is handled according
+ // to its restartPolicy. The name for an init container or normal container must be
+ // unique among all containers.
+ // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ // The resourceRequirements of an init container are taken into account during scheduling
+ // by finding the highest request/limit for each resource type, and then using the max of
+ // of that value or the sum of the normal containers. Limits are applied to init containers
+ // in a similar fashion.
+ // Init containers cannot currently be added or removed.
+ // Cannot be updated.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ InitContainers []corev1.Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"`
+ // List of containers belonging to the pod.
+ // Containers cannot currently be added or removed.
+ // There must be at least one container in a Pod.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Containers []corev1.Container `json:"containers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
+ // Restart policy for all containers within the pod.
+ // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+ // Default to Always.
+ // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ // +optional
+ RestartPolicy corev1.RestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"`
+ // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ // Value must be non-negative integer. The value zero indicates stop immediately via
+ // the kill signal (no opportunity to shut down).
+ // If this value is nil, the default grace period will be used instead.
+ // The grace period is the duration in seconds after the processes running in the pod are sent
+ // a termination signal and the time when the processes are forcibly halted with a kill signal.
+ // Set this value longer than the expected cleanup time for your process.
+ // Defaults to 30 seconds.
+ // +optional
+ TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty" protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"`
+ // Optional duration in seconds the pod may be active on the node relative to
+ // StartTime before the system will actively try to mark it failed and kill associated containers.
+ // Value must be a positive integer.
+ // +optional
+ ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,5,opt,name=activeDeadlineSeconds"`
+ // Set DNS policy for the pod.
+ // Defaults to "ClusterFirst".
+ // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ // To have DNS options set along with hostNetwork, you have to specify DNS policy
+ // explicitly to 'ClusterFirstWithHostNet'.
+ // +optional
+ DNSPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
+ // NodeSelector is a selector which must be true for the pod to fit on a node.
+ // Selector which must match a node's labels for the pod to be scheduled on that node.
+ // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ // +optional
+ // +mapType=atomic
+ NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`
+ // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ // +optional
+ ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,8,opt,name=serviceAccountName"`
+ // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ // +optional
+ AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty" protobuf:"varint,21,opt,name=automountServiceAccountToken"`
+ // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+ // the scheduler simply schedules this pod onto that node, assuming that it fits resource
+ // requirements.
+ // +optional
+ NodeName string `json:"nodeName,omitempty" protobuf:"bytes,10,opt,name=nodeName"`
+ // Host networking requested for this pod. Use the host's network namespace.
+ // If this option is set, the ports that will be used must be specified.
+ // Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"`
+ // Use the host's pid namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostPID bool `json:"hostPID,omitempty" protobuf:"varint,12,opt,name=hostPID"`
+ // Use the host's ipc namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,13,opt,name=hostIPC"`
+ // Share a single process namespace between all of the containers in a pod.
+ // When this is set containers will be able to view and signal processes from other containers
+ // in the same pod, and the first process in each container will not be assigned PID 1.
+ // HostPID and ShareProcessNamespace cannot both be set.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"`
+ // SecurityContext holds pod-level security attributes and common container settings.
+ // Optional: Defaults to empty. See type description for default values of each field.
+ // +optional
+ SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"`
+ // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ // If specified, these secrets will be passed to individual puller implementations for them to use.
+ // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
+ // Specifies the hostname of the Pod
+ // If not specified, the pod's hostname will be set to a system-defined value.
+ // +optional
+ Hostname string `json:"hostname,omitempty" protobuf:"bytes,16,opt,name=hostname"`
+ // If specified, the fully qualified Pod hostname will be "...svc.".
+ // If not specified, the pod will not have a domainname at all.
+ // +optional
+ Subdomain string `json:"subdomain,omitempty" protobuf:"bytes,17,opt,name=subdomain"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"`
+ // If specified, the pod will be dispatched by specified scheduler.
+ // If not specified, the pod will be dispatched by default scheduler.
+ // +optional
+ SchedulerName string `json:"schedulerName,omitempty" protobuf:"bytes,19,opt,name=schedulerName"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
+ // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ // file if specified. This is only valid for non-hostNetwork pods.
+ // +optional
+ // +patchMergeKey=ip
+ // +patchStrategy=merge
+ HostAliases []corev1.HostAlias `json:"hostAliases,omitempty" patchStrategy:"merge" patchMergeKey:"ip" protobuf:"bytes,23,rep,name=hostAliases"`
+ // If specified, indicates the pod's priority. "system-node-critical" and
+ // "system-cluster-critical" are two special keywords which indicate the
+ // highest priorities with the former being the highest priority. Any other
+ // name must be defined by creating a PriorityClass object with that name.
+ // If not specified, the pod priority will be default or zero if there is no
+ // default.
+ // +optional
+ PriorityClassName string `json:"priorityClassName,omitempty" protobuf:"bytes,24,opt,name=priorityClassName"`
+ // The priority value. Various system components use this field to find the
+ // priority of the pod. When Priority Admission Controller is enabled, it
+ // prevents users from setting this field. The admission controller populates
+ // this field from PriorityClassName.
+ // The higher the value, the higher the priority.
+ // +optional
+ Priority *int32 `json:"priority,omitempty" protobuf:"bytes,25,opt,name=priority"`
+ // Specifies the DNS parameters of a pod.
+ // Parameters specified here will be merged to the generated DNS
+ // configuration based on DNSPolicy.
+ // +optional
+ DNSConfig *corev1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
+ // If specified, all readiness gates will be evaluated for pod readiness.
+ // A pod is ready when all its containers are ready AND
+ // all conditions specified in the readiness gates have status equal to "True"
+ // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ // +optional
+ ReadinessGates []corev1.PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
+ // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ // empty definition that uses the default runtime handler.
+ // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ // +optional
+ RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,29,opt,name=runtimeClassName"`
+ // EnableServiceLinks indicates whether information about services should be injected into pod's
+ // environment variables, matching the syntax of Docker links.
+ // Optional: Defaults to true.
+ // +optional
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty" protobuf:"varint,30,opt,name=enableServiceLinks"`
+ // PreemptionPolicy is the Policy for preempting pods with lower priority.
+ // One of Never, PreemptLowerPriority.
+ // Defaults to PreemptLowerPriority if unset.
+ // +optional
+ PreemptionPolicy *corev1.PreemptionPolicy `json:"preemptionPolicy,omitempty" protobuf:"bytes,31,opt,name=preemptionPolicy"`
+ // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ // +optional
+ Overhead corev1.ResourceList `json:"overhead,omitempty" protobuf:"bytes,32,opt,name=overhead"`
+ // TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ // domains. Scheduler will schedule pods in a way which abides by the constraints.
+ // All topologySpreadConstraints are ANDed.
+ // +optional
+ // +patchMergeKey=topologyKey
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=topologyKey
+ // +listMapKey=whenUnsatisfiable
+ TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey" protobuf:"bytes,33,opt,name=topologySpreadConstraints"`
+ // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ // If a pod does not have FQDN, this has no effect.
+ // Default to false.
+ // +optional
+ SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty" protobuf:"varint,35,opt,name=setHostnameAsFQDN"`
+ // Specifies the OS of the containers in the pod.
+ // Some pod and container fields are restricted if this is set.
+ //
+ // If the OS field is set to linux, the following fields must be unset:
+ // -securityContext.windowsOptions
+ //
+ // If the OS field is set to windows, following fields must be unset:
+ // - spec.hostPID
+ // - spec.hostIPC
+ // - spec.hostUsers
+ // - spec.securityContext.seLinuxOptions
+ // - spec.securityContext.seccompProfile
+ // - spec.securityContext.fsGroup
+ // - spec.securityContext.fsGroupChangePolicy
+ // - spec.securityContext.sysctls
+ // - spec.shareProcessNamespace
+ // - spec.securityContext.runAsUser
+ // - spec.securityContext.runAsGroup
+ // - spec.securityContext.supplementalGroups
+ // - spec.containers[*].securityContext.seLinuxOptions
+ // - spec.containers[*].securityContext.seccompProfile
+ // - spec.containers[*].securityContext.capabilities
+ // - spec.containers[*].securityContext.readOnlyRootFilesystem
+ // - spec.containers[*].securityContext.privileged
+ // - spec.containers[*].securityContext.allowPrivilegeEscalation
+ // - spec.containers[*].securityContext.procMount
+ // - spec.containers[*].securityContext.runAsUser
+ // - spec.containers[*].securityContext.runAsGroup
+ // +optional
+ OS *corev1.PodOS `json:"os,omitempty" protobuf:"bytes,36,opt,name=os"`
+ // Use the host's user namespace.
+ // Optional: Default to true.
+ // If set to true or not present, the pod will be run in the host user namespace, useful
+ // for when the pod needs a feature only available to the host user namespace, such as
+ // loading a kernel module with CAP_SYS_MODULE.
+ // When set to false, a new userns is created for the pod. Setting false is useful for
+ // mitigating container breakout vulnerabilities even allowing users to run their
+ // containers as root without actually having root privileges on the host.
+ // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostUsers *bool `json:"hostUsers,omitempty" protobuf:"bytes,37,opt,name=hostUsers"`
+ // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+ // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+ // scheduler will not attempt to schedule the pod.
+ //
+ // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+ //
+ // This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=PodSchedulingReadiness
+ // +optional
+ SchedulingGates []corev1.PodSchedulingGate `json:"schedulingGates,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,38,opt,name=schedulingGates"`
+ // ResourceClaims defines which ResourceClaims must be allocated
+ // and reserved before the Pod is allowed to start. The resources
+ // will be made available to those containers which consume them
+ // by name.
+ //
+ // This is an alpha field and requires enabling the
+ // DynamicResourceAllocation feature gate.
+ //
+ // This field is immutable.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=DynamicResourceAllocation
+ // +optional
+ ResourceClaims []corev1.PodResourceClaim `json:"resourceClaims,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,39,rep,name=resourceClaims"`
+func (f *PodSpec) ToPodSpec() corev1.PodSpec {
+ return corev1.PodSpec{
+ Volumes: f.Volumes,
+ InitContainers: f.InitContainers,
+ Containers: f.Containers,
+ RestartPolicy: f.RestartPolicy,
+ TerminationGracePeriodSeconds: f.TerminationGracePeriodSeconds,
+ ActiveDeadlineSeconds: f.ActiveDeadlineSeconds,
+ DNSPolicy: f.DNSPolicy,
+ NodeSelector: f.NodeSelector,
+ ServiceAccountName: f.ServiceAccountName,
+ AutomountServiceAccountToken: f.AutomountServiceAccountToken,
+ NodeName: f.NodeName,
+ HostNetwork: f.HostNetwork,
+ HostPID: f.HostPID,
+ HostIPC: f.HostIPC,
+ ShareProcessNamespace: f.ShareProcessNamespace,
+ SecurityContext: f.SecurityContext,
+ ImagePullSecrets: f.ImagePullSecrets,
+ Hostname: f.Hostname,
+ Subdomain: f.Subdomain,
+ Affinity: f.Affinity,
+ SchedulerName: f.SchedulerName,
+ Tolerations: f.Tolerations,
+ HostAliases: f.HostAliases,
+ PriorityClassName: f.PriorityClassName,
+ Priority: f.Priority,
+ DNSConfig: f.DNSConfig,
+ ReadinessGates: f.ReadinessGates,
+ RuntimeClassName: f.RuntimeClassName,
+ EnableServiceLinks: f.EnableServiceLinks,
+ PreemptionPolicy: f.PreemptionPolicy,
+ Overhead: f.Overhead,
+ TopologySpreadConstraints: f.TopologySpreadConstraints,
+ SetHostnameAsFQDN: f.SetHostnameAsFQDN,
+ OS: f.OS,
+ HostUsers: f.HostUsers,
+ SchedulingGates: f.SchedulingGates,
+ ResourceClaims: f.ResourceClaims,
+ }
+// PodTemplateSpec describes the desired custom Kubernetes PodTemplate definition for the deployed flow or service.
+// The ContainerSpec describes the container where the actual flow or service is running. It will override any default definitions.
+// For example, to override the image one can use `.spec.podTemplate.container.image = my/image:tag`.
+type PodTemplateSpec struct {
+ // Container is the Kubernetes container where the application should run.
+ // One can change this attribute in order to override the defaults provided by the operator.
+ // +optional
+ Container ContainerSpec `json:"container,omitempty"`
+ // +optional
+ PodSpec `json:",inline"`
+ // +optional
+ Replicas *int32 `json:"replicas,omitempty"`
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflow_persistence_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflow_persistence_types.go
index 77c9f0ad3b5..844809375bf 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflow_persistence_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflow_persistence_types.go
@@ -48,11 +48,16 @@ type PlatformPersistencePostgreSQL struct {
// the operator will add the necessary JDBC properties to in the workflow's application.properties so that it can communicate
// with the persistence service based on the spec provided here.
// +optional
-// +kubebuilder:validation:MaxProperties=1
+// +kubebuilder:validation:MaxProperties=2
type PersistenceOptionsSpec struct {
// Connect configured services to a postgresql database.
// +optional
PostgreSQL *PersistencePostgreSQL `json:"postgresql,omitempty"`
+ // Whether to migrate database on service startup?
+ // +optional
+ // +default: false
+ MigrateDBOnStartUp bool `json:"migrateDBOnStartUp"`
// PersistencePostgreSQL configure postgresql connection for service(s).
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflow_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflow_types.go
index 7eeba0308d3..7b6091eaf3e 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflow_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflow_types.go
@@ -31,524 +31,19 @@ import (
const DefaultContainerName = "workflow"
-// ContainerSpec is the container for the internal deployments based on the default Kubernetes Container API
-type ContainerSpec struct {
- // Container image name.
- // More info: https://kubernetes.io/docs/concepts/containers/images
- // This field is optional to allow higher level config management to default or override
- // container images in workload controllers like Deployments and StatefulSets.
- // +optional
- Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`
- // Entrypoint array. Not executed within a shell.
- // The container image's ENTRYPOINT is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- Command []string `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
- // Arguments to the entrypoint.
- // The container image's CMD is used if this is not provided.
- // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- // of whether the variable exists or not. Cannot be updated.
- // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- // +optional
- Args []string `json:"args,omitempty" protobuf:"bytes,4,rep,name=args"`
- // List of ports to expose from the container. Not specifying a port here
- // DOES NOT prevent that port from being exposed. Any port which is
- // listening on the default "" address inside a container will be
- // accessible from the network.
- // Modifying this array with strategic merge patch may corrupt the data.
- // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=containerPort
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=containerPort
- // +listMapKey=protocol
- Ports []corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
- // List of sources to populate environment variables in the container.
- // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- // will be reported as an event when the container is starting. When a key exists in multiple
- // sources, the value associated with the last source will take precedence.
- // Values defined by an Env with a duplicate key will take precedence.
- // Cannot be updated.
- // +optional
- EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty" protobuf:"bytes,19,rep,name=envFrom"`
- // List of environment variables to set in the container.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
- // Compute Resources required by this container.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- // +optional
- Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,8,opt,name=resources"`
- // Resources resize policy for the container.
- // +featureGate=InPlacePodVerticalScaling
- // +optional
- // +listType=atomic
- ResizePolicy []corev1.ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
- // Pod volumes to mount into the container's filesystem.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=mountPath
- // +patchStrategy=merge
- VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty" patchStrategy:"merge" patchMergeKey:"mountPath" protobuf:"bytes,9,rep,name=volumeMounts"`
- // volumeDevices is the list of block devices to be used by the container.
- // +patchMergeKey=devicePath
- // +patchStrategy=merge
- // +optional
- VolumeDevices []corev1.VolumeDevice `json:"volumeDevices,omitempty" patchStrategy:"merge" patchMergeKey:"devicePath" protobuf:"bytes,21,rep,name=volumeDevices"`
- // Periodic probe of container liveness.
- // Container will be restarted if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty" protobuf:"bytes,10,opt,name=livenessProbe"`
- // Periodic probe of container service readiness.
- // Container will be removed from service endpoints if the probe fails.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty" protobuf:"bytes,11,opt,name=readinessProbe"`
- // StartupProbe indicates that the Pod has successfully initialized.
- // If specified, no other probes are executed until this completes successfully.
- // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- // when it might take a long time to load data or warm a cache, than during steady-state operation.
- // This cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- // +optional
- StartupProbe *corev1.Probe `json:"startupProbe,omitempty" protobuf:"bytes,22,opt,name=startupProbe"`
- // Actions that the management system should take in response to container lifecycle events.
- // Cannot be updated.
- // +optional
- Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty" protobuf:"bytes,12,opt,name=lifecycle"`
- // Optional: Path at which the file to which the container's termination message
- // will be written is mounted into the container's filesystem.
- // Message written is intended to be brief final status, such as an assertion failure message.
- // Will be truncated by the node if greater than 4096 bytes. The total message length across
- // all containers will be limited to 12kb.
- // Defaults to /dev/termination-log.
- // Cannot be updated.
- // +optional
- TerminationMessagePath string `json:"terminationMessagePath,omitempty" protobuf:"bytes,13,opt,name=terminationMessagePath"`
- // Indicate how the termination message should be populated. File will use the contents of
- // terminationMessagePath to populate the container status message on both success and failure.
- // FallbackToLogsOnError will use the last chunk of container log output if the termination
- // message file is empty and the container exited with an error.
- // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- // Defaults to File.
- // Cannot be updated.
- // +optional
- TerminationMessagePolicy corev1.TerminationMessagePolicy `json:"terminationMessagePolicy,omitempty" protobuf:"bytes,20,opt,name=terminationMessagePolicy,casttype=TerminationMessagePolicy"`
- // Image pull policy.
- // One of Always, Never, IfNotPresent.
- // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- // +optional
- ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`
- // SecurityContext defines the security options the container should be run with.
- // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- // +optional
- SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
- // Variables for interactive containers, these have very specialized use-cases (e.g. debugging)
- // and shouldn't be used for general purpose containers.
- // Whether this container should allocate a buffer for stdin in the container runtime. If this
- // is not set, reads from stdin in the container will always result in EOF.
- // Default is false.
- // +optional
- Stdin bool `json:"stdin,omitempty" protobuf:"varint,16,opt,name=stdin"`
- // Whether the container runtime should close the stdin channel after it has been opened by
- // a single attach. When stdin is true the stdin stream will remain open across multiple attach
- // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- // at which time stdin is closed and remains closed until the container is restarted. If this
- // flag is false, a container processes that reads from stdin will never receive an EOF.
- // Default is false
- // +optional
- StdinOnce bool `json:"stdinOnce,omitempty" protobuf:"varint,17,opt,name=stdinOnce"`
- // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- // Default is false.
- // +optional
- TTY bool `json:"tty,omitempty" protobuf:"varint,18,opt,name=tty"`
-// ToContainer converts to Kubernetes Container API.
-func (f *ContainerSpec) ToContainer() corev1.Container {
- return corev1.Container{
- Name: DefaultContainerName,
- Image: f.Image,
- Command: f.Command,
- Args: f.Args,
- Ports: f.Ports,
- EnvFrom: f.EnvFrom,
- Env: f.Env,
- Resources: f.Resources,
- ResizePolicy: f.ResizePolicy,
- VolumeMounts: f.VolumeMounts,
- VolumeDevices: f.VolumeDevices,
- LivenessProbe: f.LivenessProbe,
- ReadinessProbe: f.ReadinessProbe,
- StartupProbe: f.StartupProbe,
- Lifecycle: f.Lifecycle,
- TerminationMessagePath: f.TerminationMessagePath,
- TerminationMessagePolicy: f.TerminationMessagePolicy,
- ImagePullPolicy: f.ImagePullPolicy,
- SecurityContext: f.SecurityContext,
- Stdin: f.Stdin,
- StdinOnce: f.StdinOnce,
- TTY: f.TTY,
- }
-// PodSpec describes the PodSpec for the internal deployments based on the default Kubernetes PodSpec API
-type PodSpec struct {
- // List of volumes that can be mounted by containers belonging to the pod.
- // More info: https://kubernetes.io/docs/concepts/storage/volumes
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
- // List of initialization containers belonging to the pod.
- // Init containers are executed in order prior to containers being started. If any
- // init container fails, the pod is considered to have failed and is handled according
- // to its restartPolicy. The name for an init container or normal container must be
- // unique among all containers.
- // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- // The resourceRequirements of an init container are taken into account during scheduling
- // by finding the highest request/limit for each resource type, and then using the max of
- // of that value or the sum of the normal containers. Limits are applied to init containers
- // in a similar fashion.
- // Init containers cannot currently be added or removed.
- // Cannot be updated.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- // +patchMergeKey=name
- // +patchStrategy=merge
- InitContainers []corev1.Container `json:"initContainers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,20,rep,name=initContainers"`
- // List of containers belonging to the pod.
- // Containers cannot currently be added or removed.
- // There must be at least one container in a Pod.
- // Cannot be updated.
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- Containers []corev1.Container `json:"containers,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=containers"`
- // Restart policy for all containers within the pod.
- // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
- // Default to Always.
- // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
- // +optional
- RestartPolicy corev1.RestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"`
- // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
- // Value must be non-negative integer. The value zero indicates stop immediately via
- // the kill signal (no opportunity to shut down).
- // If this value is nil, the default grace period will be used instead.
- // The grace period is the duration in seconds after the processes running in the pod are sent
- // a termination signal and the time when the processes are forcibly halted with a kill signal.
- // Set this value longer than the expected cleanup time for your process.
- // Defaults to 30 seconds.
- // +optional
- TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty" protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"`
- // Optional duration in seconds the pod may be active on the node relative to
- // StartTime before the system will actively try to mark it failed and kill associated containers.
- // Value must be a positive integer.
- // +optional
- ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty" protobuf:"varint,5,opt,name=activeDeadlineSeconds"`
- // Set DNS policy for the pod.
- // Defaults to "ClusterFirst".
- // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
- // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
- // To have DNS options set along with hostNetwork, you have to specify DNS policy
- // explicitly to 'ClusterFirstWithHostNet'.
- // +optional
- DNSPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
- // NodeSelector is a selector which must be true for the pod to fit on a node.
- // Selector which must match a node's labels for the pod to be scheduled on that node.
- // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
- // +optional
- // +mapType=atomic
- NodeSelector map[string]string `json:"nodeSelector,omitempty" protobuf:"bytes,7,rep,name=nodeSelector"`
- // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
- // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
- // +optional
- ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,8,opt,name=serviceAccountName"`
- // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
- // +optional
- AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty" protobuf:"varint,21,opt,name=automountServiceAccountToken"`
- // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
- // the scheduler simply schedules this pod onto that node, assuming that it fits resource
- // requirements.
- // +optional
- NodeName string `json:"nodeName,omitempty" protobuf:"bytes,10,opt,name=nodeName"`
- // Host networking requested for this pod. Use the host's network namespace.
- // If this option is set, the ports that will be used must be specified.
- // Default to false.
- // +k8s:conversion-gen=false
- // +optional
- HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,11,opt,name=hostNetwork"`
- // Use the host's pid namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- HostPID bool `json:"hostPID,omitempty" protobuf:"varint,12,opt,name=hostPID"`
- // Use the host's ipc namespace.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,13,opt,name=hostIPC"`
- // Share a single process namespace between all of the containers in a pod.
- // When this is set containers will be able to view and signal processes from other containers
- // in the same pod, and the first process in each container will not be assigned PID 1.
- // HostPID and ShareProcessNamespace cannot both be set.
- // Optional: Default to false.
- // +k8s:conversion-gen=false
- // +optional
- ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty" protobuf:"varint,27,opt,name=shareProcessNamespace"`
- // SecurityContext holds pod-level security attributes and common container settings.
- // Optional: Defaults to empty. See type description for default values of each field.
- // +optional
- SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"`
- // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
- // If specified, these secrets will be passed to individual puller implementations for them to use.
- // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- // +optional
- // +patchMergeKey=name
- // +patchStrategy=merge
- ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,15,rep,name=imagePullSecrets"`
- // Specifies the hostname of the Pod
- // If not specified, the pod's hostname will be set to a system-defined value.
- // +optional
- Hostname string `json:"hostname,omitempty" protobuf:"bytes,16,opt,name=hostname"`
- // If specified, the fully qualified Pod hostname will be "...svc.".
- // If not specified, the pod will not have a domainname at all.
- // +optional
- Subdomain string `json:"subdomain,omitempty" protobuf:"bytes,17,opt,name=subdomain"`
- // If specified, the pod's scheduling constraints
- // +optional
- Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,18,opt,name=affinity"`
- // If specified, the pod will be dispatched by specified scheduler.
- // If not specified, the pod will be dispatched by default scheduler.
- // +optional
- SchedulerName string `json:"schedulerName,omitempty" protobuf:"bytes,19,opt,name=schedulerName"`
- // If specified, the pod's tolerations.
- // +optional
- Tolerations []corev1.Toleration `json:"tolerations,omitempty" protobuf:"bytes,22,opt,name=tolerations"`
- // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
- // file if specified. This is only valid for non-hostNetwork pods.
- // +optional
- // +patchMergeKey=ip
- // +patchStrategy=merge
- HostAliases []corev1.HostAlias `json:"hostAliases,omitempty" patchStrategy:"merge" patchMergeKey:"ip" protobuf:"bytes,23,rep,name=hostAliases"`
- // If specified, indicates the pod's priority. "system-node-critical" and
- // "system-cluster-critical" are two special keywords which indicate the
- // highest priorities with the former being the highest priority. Any other
- // name must be defined by creating a PriorityClass object with that name.
- // If not specified, the pod priority will be default or zero if there is no
- // default.
- // +optional
- PriorityClassName string `json:"priorityClassName,omitempty" protobuf:"bytes,24,opt,name=priorityClassName"`
- // The priority value. Various system components use this field to find the
- // priority of the pod. When Priority Admission Controller is enabled, it
- // prevents users from setting this field. The admission controller populates
- // this field from PriorityClassName.
- // The higher the value, the higher the priority.
- // +optional
- Priority *int32 `json:"priority,omitempty" protobuf:"bytes,25,opt,name=priority"`
- // Specifies the DNS parameters of a pod.
- // Parameters specified here will be merged to the generated DNS
- // configuration based on DNSPolicy.
- // +optional
- DNSConfig *corev1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"`
- // If specified, all readiness gates will be evaluated for pod readiness.
- // A pod is ready when all its containers are ready AND
- // all conditions specified in the readiness gates have status equal to "True"
- // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
- // +optional
- ReadinessGates []corev1.PodReadinessGate `json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
- // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
- // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
- // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
- // empty definition that uses the default runtime handler.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
- // +optional
- RuntimeClassName *string `json:"runtimeClassName,omitempty" protobuf:"bytes,29,opt,name=runtimeClassName"`
- // EnableServiceLinks indicates whether information about services should be injected into pod's
- // environment variables, matching the syntax of Docker links.
- // Optional: Defaults to true.
- // +optional
- EnableServiceLinks *bool `json:"enableServiceLinks,omitempty" protobuf:"varint,30,opt,name=enableServiceLinks"`
- // PreemptionPolicy is the Policy for preempting pods with lower priority.
- // One of Never, PreemptLowerPriority.
- // Defaults to PreemptLowerPriority if unset.
- // +optional
- PreemptionPolicy *corev1.PreemptionPolicy `json:"preemptionPolicy,omitempty" protobuf:"bytes,31,opt,name=preemptionPolicy"`
- // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
- // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
- // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
- // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
- // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
- // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
- // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
- // +optional
- Overhead corev1.ResourceList `json:"overhead,omitempty" protobuf:"bytes,32,opt,name=overhead"`
- // TopologySpreadConstraints describes how a group of pods ought to spread across topology
- // domains. Scheduler will schedule pods in a way which abides by the constraints.
- // All topologySpreadConstraints are ANDed.
- // +optional
- // +patchMergeKey=topologyKey
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=topologyKey
- // +listMapKey=whenUnsatisfiable
- TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty" patchStrategy:"merge" patchMergeKey:"topologyKey" protobuf:"bytes,33,opt,name=topologySpreadConstraints"`
- // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
- // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
- // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
- // If a pod does not have FQDN, this has no effect.
- // Default to false.
- // +optional
- SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty" protobuf:"varint,35,opt,name=setHostnameAsFQDN"`
- // Specifies the OS of the containers in the pod.
- // Some pod and container fields are restricted if this is set.
- //
- // If the OS field is set to linux, the following fields must be unset:
- // -securityContext.windowsOptions
- //
- // If the OS field is set to windows, following fields must be unset:
- // - spec.hostPID
- // - spec.hostIPC
- // - spec.hostUsers
- // - spec.securityContext.seLinuxOptions
- // - spec.securityContext.seccompProfile
- // - spec.securityContext.fsGroup
- // - spec.securityContext.fsGroupChangePolicy
- // - spec.securityContext.sysctls
- // - spec.shareProcessNamespace
- // - spec.securityContext.runAsUser
- // - spec.securityContext.runAsGroup
- // - spec.securityContext.supplementalGroups
- // - spec.containers[*].securityContext.seLinuxOptions
- // - spec.containers[*].securityContext.seccompProfile
- // - spec.containers[*].securityContext.capabilities
- // - spec.containers[*].securityContext.readOnlyRootFilesystem
- // - spec.containers[*].securityContext.privileged
- // - spec.containers[*].securityContext.allowPrivilegeEscalation
- // - spec.containers[*].securityContext.procMount
- // - spec.containers[*].securityContext.runAsUser
- // - spec.containers[*].securityContext.runAsGroup
- // +optional
- OS *corev1.PodOS `json:"os,omitempty" protobuf:"bytes,36,opt,name=os"`
- // Use the host's user namespace.
- // Optional: Default to true.
- // If set to true or not present, the pod will be run in the host user namespace, useful
- // for when the pod needs a feature only available to the host user namespace, such as
- // loading a kernel module with CAP_SYS_MODULE.
- // When set to false, a new userns is created for the pod. Setting false is useful for
- // mitigating container breakout vulnerabilities even allowing users to run their
- // containers as root without actually having root privileges on the host.
- // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
- // +k8s:conversion-gen=false
- // +optional
- HostUsers *bool `json:"hostUsers,omitempty" protobuf:"bytes,37,opt,name=hostUsers"`
- // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
- // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
- // scheduler will not attempt to schedule the pod.
- //
- // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
- //
- // This is a beta feature enabled by the PodSchedulingReadiness feature gate.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge
- // +listType=map
- // +listMapKey=name
- // +featureGate=PodSchedulingReadiness
- // +optional
- SchedulingGates []corev1.PodSchedulingGate `json:"schedulingGates,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,38,opt,name=schedulingGates"`
- // ResourceClaims defines which ResourceClaims must be allocated
- // and reserved before the Pod is allowed to start. The resources
- // will be made available to those containers which consume them
- // by name.
- //
- // This is an alpha field and requires enabling the
- // DynamicResourceAllocation feature gate.
- //
- // This field is immutable.
- //
- // +patchMergeKey=name
- // +patchStrategy=merge,retainKeys
- // +listType=map
- // +listMapKey=name
- // +featureGate=DynamicResourceAllocation
- // +optional
- ResourceClaims []corev1.PodResourceClaim `json:"resourceClaims,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,39,rep,name=resourceClaims"`
-func (f *PodSpec) ToPodSpec() corev1.PodSpec {
- return corev1.PodSpec{
- Volumes: f.Volumes,
- InitContainers: f.InitContainers,
- Containers: f.Containers,
- RestartPolicy: f.RestartPolicy,
- TerminationGracePeriodSeconds: f.TerminationGracePeriodSeconds,
- ActiveDeadlineSeconds: f.ActiveDeadlineSeconds,
- DNSPolicy: f.DNSPolicy,
- NodeSelector: f.NodeSelector,
- ServiceAccountName: f.ServiceAccountName,
- AutomountServiceAccountToken: f.AutomountServiceAccountToken,
- NodeName: f.NodeName,
- HostNetwork: f.HostNetwork,
- HostPID: f.HostPID,
- HostIPC: f.HostIPC,
- ShareProcessNamespace: f.ShareProcessNamespace,
- SecurityContext: f.SecurityContext,
- ImagePullSecrets: f.ImagePullSecrets,
- Hostname: f.Hostname,
- Subdomain: f.Subdomain,
- Affinity: f.Affinity,
- SchedulerName: f.SchedulerName,
- Tolerations: f.Tolerations,
- HostAliases: f.HostAliases,
- PriorityClassName: f.PriorityClassName,
- Priority: f.Priority,
- DNSConfig: f.DNSConfig,
- ReadinessGates: f.ReadinessGates,
- RuntimeClassName: f.RuntimeClassName,
- EnableServiceLinks: f.EnableServiceLinks,
- PreemptionPolicy: f.PreemptionPolicy,
- Overhead: f.Overhead,
- TopologySpreadConstraints: f.TopologySpreadConstraints,
- SetHostnameAsFQDN: f.SetHostnameAsFQDN,
- OS: f.OS,
- HostUsers: f.HostUsers,
- SchedulingGates: f.SchedulingGates,
- ResourceClaims: f.ResourceClaims,
- }
+// DeploymentModel defines how a given pod will be deployed
+// +kubebuilder:validation:Enum=kubernetes;knative
+type DeploymentModel string
+const (
+ // KubernetesDeploymentModel defines a PodSpec to be deployed as a regular Kubernetes Deployment
+ KubernetesDeploymentModel DeploymentModel = "kubernetes"
+ // KnativeDeploymentModel defines a PodSpec to be deployed as a Knative Serving Service
+ KnativeDeploymentModel DeploymentModel = "knative"
-// PodTemplateSpec describes the desired custom Kubernetes PodTemplate definition for the deployed flow or service.
-// The ContainerSpec describes the container where the actual flow or service is running. It will override any default definitions.
-// For example, to override the image one can use `.spec.podTemplate.container.image = my/image:tag`.
-type PodTemplateSpec struct {
+// FlowPodTemplateSpec is a special PodTemplateSpec designed for SonataFlow deployments
+type FlowPodTemplateSpec struct {
// Container is the Kubernetes container where the application should run.
// One can change this attribute in order to override the defaults provided by the operator.
// +optional
@@ -556,7 +51,11 @@ type PodTemplateSpec struct {
// +optional
PodSpec `json:",inline"`
// +optional
+ // Replicas define the number of pods to start by default for this deployment model. Ignored in "knative" deployment model.
Replicas *int32 `json:"replicas,omitempty"`
+ // Defines the kind of deployment model for this pod spec. In dev profile, only "kubernetes" is valid.
+ // +optional
+ DeploymentModel DeploymentModel `json:"deploymentModel,omitempty"`
// Flow describes the contents of the Workflow definition following the CNCF Serverless Workflow Specification.
@@ -656,12 +155,24 @@ type SonataFlowSpec struct {
Resources WorkflowResources `json:"resources,omitempty"`
// PodTemplate describes the deployment details of this SonataFlow instance.
- PodTemplate PodTemplateSpec `json:"podTemplate,omitempty"`
+ PodTemplate FlowPodTemplateSpec `json:"podTemplate,omitempty"`
// Persistence defines the database persistence configuration for the workflow
Persistence *PersistenceOptionsSpec `json:"persistence,omitempty"`
// Sink describes the sinkBinding details of this SonataFlow instance.
Sink *duckv1.Destination `json:"sink,omitempty"`
+ // Sources describes the list of sources used to create triggers for events consumed by this SonataFlow instance.
+ //+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="sources"
+ Sources []SonataFlowSourceSpec `json:"sources,omitempty"`
+// SonataFlowSourceSpec defines the desired state of a source used for trigger creation
+// +k8s:openapi-gen=true
+type SonataFlowSourceSpec struct {
+ // Defines the eventType to filter the events
+ EventType string `json:"eventType"`
+ // Defines the broker used
+ duckv1.Destination `json:",inline"`
// SonataFlowStatus defines the observed state of SonataFlow
@@ -683,6 +194,24 @@ type SonataFlowStatus struct {
// Services displays which platform services are being used by this workflow
Services *PlatformServicesStatus `json:"services,omitempty"`
+ // Platform displays which platform is being used by this workflow
+ //+operator-sdk:csv:customresourcedefinitions:type=status,displayName="platform"
+ Platform *SonataFlowPlatformRef `json:"platform,omitempty"`
+ // Triggers list of triggers created for the SonataFlow
+ //+operator-sdk:csv:customresourcedefinitions:type=status,displayName="triggers"
+ Triggers []SonataFlowTriggerRef `json:"triggers,omitempty"`
+ //+operator-sdk:csv:customresourcedefinitions:type=status,displayName="flowRevision"
+ FlowCRC uint32 `json:"flowCRC,omitempty"`
+// SonataFlowTriggerRef defines a trigger created for the SonataFlow.
+type SonataFlowTriggerRef struct {
+ // Name of the Trigger
+ //+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trigger_Name"
+ Name string `json:"name"`
+ // Namespace of the Trigger
+ //+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trigger_NS"
+ Namespace string `json:"namespace"`
func (s *SonataFlowStatus) GetTopLevelConditionType() api.ConditionType {
@@ -752,9 +281,11 @@ func (s *SonataFlowStatus) IsBuildFailed() bool {
// +kubebuilder:printcolumn:name="Reason",type=string,JSONPath=`.status.conditions[?(@.type=='Running')].reason`
// +operator-sdk:csv:customresourcedefinitions:resources={{SonataFlowBuild,sonataflow.org/v1alpha08,"A SonataFlow Build"}}
// +operator-sdk:csv:customresourcedefinitions:resources={{Deployment,apps/v1,"A Deployment for the Flow"}}
+// +operator-sdk:csv:customresourcedefinitions:resources={{Service,serving.knative.dev/v1,"A Knative Serving Service for the Flow"}}
// +operator-sdk:csv:customresourcedefinitions:resources={{Service,v1,"A Service for the Flow"}}
// +operator-sdk:csv:customresourcedefinitions:resources={{Route,route.openshift.io/v1,"An OpenShift Route for the Flow"}}
// +operator-sdk:csv:customresourcedefinitions:resources={{ConfigMap,v1,"The ConfigMaps with Flow definition and additional configuration files"}}
+// +operator-sdk:csv:customresourcedefinitions:displayName="SonataFlow"
type SonataFlow struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -763,6 +294,10 @@ type SonataFlow struct {
Status SonataFlowStatus `json:"status,omitempty"`
+func (s *SonataFlow) IsKnativeDeployment() bool {
+ return s.Spec.PodTemplate.DeploymentModel == KnativeDeploymentModel
func (s *SonataFlow) HasContainerSpecImage() bool {
return len(s.Spec.PodTemplate.Container.Image) > 0
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflowbuild_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflowbuild_types.go
index 6c166f9644c..bc8aaa326e1 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflowbuild_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflowbuild_types.go
@@ -22,10 +22,11 @@ package v1alpha08
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
type BuildPhase string
@@ -145,6 +146,7 @@ func (k *SonataFlowBuildStatus) GetInnerBuild(innerBuild interface{}) error {
// +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.buildPhase`
// +kubebuilder:resource:shortName={"sfb", "sfbuild", "sfbuilds"}
// +operator-sdk:csv:customresourcedefinitions:resources={{BuildConfig,build.openshift.io/v1,"An Openshift Build Config"}}
+// +operator-sdk:csv:customresourcedefinitions:displayName="SonataFlowBuild"
type SonataFlowBuild struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflowclusterplatform_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflowclusterplatform_types.go
index 3068ecdacad..e3a0f83b3f7 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflowclusterplatform_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflowclusterplatform_types.go
@@ -16,8 +16,9 @@
package v1alpha08
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
const (
@@ -93,6 +94,7 @@ func (in *SonataFlowClusterPlatformStatus) IsDuplicated() bool {
// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=='Succeed')].status`
// +kubebuilder:printcolumn:name="Reason",type=string,JSONPath=`.status.conditions[?(@.type=='Succeed')].reason`
// +operator-sdk:csv:customresourcedefinitions:resources={{SonataFlowPlatform,sonataflow.org/v1alpha08,"A SonataFlow Platform"}}
+// +operator-sdk:csv:customresourcedefinitions:displayName="SonataFlowClusterPlatform"
type SonataFlowClusterPlatform struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_services_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_services_types.go
index a16bc278281..a098d3a8f26 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_services_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_services_types.go
@@ -1,27 +1,57 @@
-// Copyright 2023 Red Hat, Inc. and/or its affiliates
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
package v1alpha08
+import (
+ duckv1 "knative.dev/pkg/apis/duck/v1"
// ServicesPlatformSpec describes the desired service configuration for workflows without the `sonataflow.org/profile: dev` annotation.
type ServicesPlatformSpec struct {
// Deploys the Data Index service for use by workflows without the `sonataflow.org/profile: dev` annotation.
// +optional
- DataIndex *ServiceSpec `json:"dataIndex,omitempty"`
+ DataIndex *DataIndexServiceSpec `json:"dataIndex,omitempty"`
// Deploys the Job service for use by workflows without the `sonataflow.org/profile: dev` annotation.
// +optional
- JobService *ServiceSpec `json:"jobService,omitempty"`
+ JobService *JobServiceServiceSpec `json:"jobService,omitempty"`
+// DataIndexServiceSpec defines the desired state of Dataindex service
+// +k8s:openapi-gen=true
+type DataIndexServiceSpec struct {
+ // Defines the common spec of a platform service
+ ServiceSpec `json:",inline"`
+ // Defines the source where the Dataindex receives events from
+ // +optional
+ Source *duckv1.Destination `json:"source,omitempty"`
+// JobServiceServiceSpec defines the desired state of Jobservice service
+// +k8s:openapi-gen=true
+type JobServiceServiceSpec struct {
+ // Defines the common spec of a platform service
+ ServiceSpec `json:",inline"`
+ // Defines the sink where the Jobservice sends events to
+ // +optional
+ Sink *duckv1.Destination `json:"sink,omitempty"`
+ // Defines the source where the Jobservice receives events from
+ // +optional
+ Source *duckv1.Destination `json:"source,omitempty"`
// ServiceSpec defines the desired state of a platform service
diff --git a/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_types.go b/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_types.go
index e420adb59f5..433566470fd 100644
--- a/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_types.go
+++ b/packages/sonataflow-operator/api/v1alpha08/sonataflowplatform_types.go
@@ -21,6 +21,7 @@ package v1alpha08
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
@@ -47,6 +48,9 @@ type SonataFlowPlatformSpec struct {
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Services"
Services *ServicesPlatformSpec `json:"services,omitempty"`
+ // Eventing describes the information required for Knative Eventing integration in the platform.
+ // +optional
+ Eventing *PlatformEventingSpec `json:"eventing,omitempty"`
// Persistence defines the platform persistence configuration. When this field is set,
// the configuration is used as the persistence for platform services and SonataFlow instances
// that don't provide one of their own.
@@ -59,6 +63,27 @@ type SonataFlowPlatformSpec struct {
// These properties MAY NOT be propagated to a SonataFlowClusterPlatform since PropertyVarSource can only refer local context sources.
// +optional
Properties *PropertyPlatformSpec `json:"properties,omitempty"`
+ // Settings for Prometheus monitoring
+ // +optional
+ Monitoring *PlatformMonitoringOptionsSpec `json:"monitoring,omitempty"`
+// PlatformEventingSpec specifies the Knative Eventing integration details in the platform.
+// +k8s:openapi-gen=true
+type PlatformEventingSpec struct {
+ // Broker to communicate with workflow deployment. It can be the default broker when the workflow, Dataindex, or Jobservice does not have a sink or source specified.
+ // +optional
+ // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="broker"
+ Broker *duckv1.Destination `json:"broker,omitempty"`
+// PlatformMonitoringOptionsSpec specifies the settings for monitoring
+// +k8s:openapi-gen=true
+type PlatformMonitoringOptionsSpec struct {
+ // Enabled indicates whether monitoring with Prometheus metrics is enabled
+ // +optional
+ // +default: false
+ Enabled bool `json:"enabled,omitempty"`
// PlatformCluster is the kind of orchestration cluster the platform is installed into
@@ -89,12 +114,25 @@ type SonataFlowPlatformStatus struct {
// Version the operator version controlling this Platform
Version string `json:"version,omitempty"`
- // Info generic information related to the build
+ // Info generic information related to the Platform
Info map[string]string `json:"info,omitempty"`
// ClusterPlatformRef information related to the (optional) active SonataFlowClusterPlatform
ClusterPlatformRef *SonataFlowClusterPlatformRefStatus `json:"clusterPlatformRef,omitempty"`
+ // Triggers list of triggers created for the SonataFlowPlatform
+ //+operator-sdk:csv:customresourcedefinitions:type=status,displayName="triggers"
+ Triggers []SonataFlowPlatformTriggerRef `json:"triggers,omitempty"`
+// SonataFlowPlatformTriggerRef defines a trigger created for the SonataFlowPlatform.
+type SonataFlowPlatformTriggerRef struct {
+ // Name of the Trigger
+ //+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trigger_Name"
+ Name string `json:"name"`
+ // Namespace of the Trigger
+ //+operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Trigger_NS"
+ Namespace string `json:"namespace"`
// SonataFlowClusterPlatformRefStatus information related to the (optional) active SonataFlowClusterPlatform
@@ -108,7 +146,7 @@ type SonataFlowClusterPlatformRefStatus struct {
Services *PlatformServicesStatus `json:"services,omitempty"`
-// PlatformServicesStatus displays which cluster-wide services are being used by a SonataFlowPlatform
+// PlatformServicesStatus displays which cluster-wide services are being used by a SonataFlowPlatform or SonataFlow
// +k8s:openapi-gen=true
type PlatformServicesStatus struct {
// DataIndexRef displays information on the cluster-wide Data Index service
@@ -170,6 +208,7 @@ func (in *SonataFlowPlatformStatus) IsFailure() bool {
// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=='Succeed')].status`
// +kubebuilder:printcolumn:name="Reason",type=string,JSONPath=`.status.conditions[?(@.type=='Succeed')].reason`
// +operator-sdk:csv:customresourcedefinitions:resources={{Namespace,v1,"The Namespace controlled by the platform"}}
+// +operator-sdk:csv:customresourcedefinitions:displayName="SonataFlowPlatform"
type SonataFlowPlatform struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
diff --git a/packages/sonataflow-operator/api/v1alpha08/zz_generated.deepcopy.go b/packages/sonataflow-operator/api/v1alpha08/zz_generated.deepcopy.go
index ad0a2d06b8f..e1ccae1731b 100644
--- a/packages/sonataflow-operator/api/v1alpha08/zz_generated.deepcopy.go
+++ b/packages/sonataflow-operator/api/v1alpha08/zz_generated.deepcopy.go
@@ -1,20 +1,23 @@
//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
// Code generated by controller-gen. DO NOT EDIT.
@@ -22,7 +25,7 @@ package v1alpha08
import (
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -213,6 +216,27 @@ func (in *ContainerSpec) DeepCopy() *ContainerSpec {
return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DataIndexServiceSpec) DeepCopyInto(out *DataIndexServiceSpec) {
+ *out = *in
+ in.ServiceSpec.DeepCopyInto(&out.ServiceSpec)
+ if in.Source != nil {
+ in, out := &in.Source, &out.Source
+ *out = new(duckv1.Destination)
+ (*in).DeepCopyInto(*out)
+ }
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DataIndexServiceSpec.
+func (in *DataIndexServiceSpec) DeepCopy() *DataIndexServiceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(DataIndexServiceSpec)
+ in.DeepCopyInto(out)
+ return out
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DevModePlatformSpec) DeepCopyInto(out *DevModePlatformSpec) {
*out = *in
@@ -244,7 +268,7 @@ func (in *Flow) DeepCopyInto(out *Flow) {
if in.DataInputSchema != nil {
in, out := &in.DataInputSchema, &out.DataInputSchema
*out = new(model.DataInputSchema)
- **out = **in
+ (*in).DeepCopyInto(*out)
if in.Secrets != nil {
in, out := &in.Secrets, &out.Secrets
@@ -320,6 +344,54 @@ func (in *Flow) DeepCopy() *Flow {
return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FlowPodTemplateSpec) DeepCopyInto(out *FlowPodTemplateSpec) {
+ *out = *in
+ in.Container.DeepCopyInto(&out.Container)
+ in.PodSpec.DeepCopyInto(&out.PodSpec)
+ if in.Replicas != nil {
+ in, out := &in.Replicas, &out.Replicas
+ *out = new(int32)
+ **out = **in
+ }
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlowPodTemplateSpec.
+func (in *FlowPodTemplateSpec) DeepCopy() *FlowPodTemplateSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(FlowPodTemplateSpec)
+ in.DeepCopyInto(out)
+ return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *JobServiceServiceSpec) DeepCopyInto(out *JobServiceServiceSpec) {
+ *out = *in
+ in.ServiceSpec.DeepCopyInto(&out.ServiceSpec)
+ if in.Sink != nil {
+ in, out := &in.Sink, &out.Sink
+ *out = new(duckv1.Destination)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Source != nil {
+ in, out := &in.Source, &out.Source
+ *out = new(duckv1.Destination)
+ (*in).DeepCopyInto(*out)
+ }
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JobServiceServiceSpec.
+func (in *JobServiceServiceSpec) DeepCopy() *JobServiceServiceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(JobServiceServiceSpec)
+ in.DeepCopyInto(out)
+ return out
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PersistenceOptionsSpec) DeepCopyInto(out *PersistenceOptionsSpec) {
*out = *in
@@ -361,6 +433,41 @@ func (in *PersistencePostgreSQL) DeepCopy() *PersistencePostgreSQL {
return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PlatformEventingSpec) DeepCopyInto(out *PlatformEventingSpec) {
+ *out = *in
+ if in.Broker != nil {
+ in, out := &in.Broker, &out.Broker
+ *out = new(duckv1.Destination)
+ (*in).DeepCopyInto(*out)
+ }
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformEventingSpec.
+func (in *PlatformEventingSpec) DeepCopy() *PlatformEventingSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(PlatformEventingSpec)
+ in.DeepCopyInto(out)
+ return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PlatformMonitoringOptionsSpec) DeepCopyInto(out *PlatformMonitoringOptionsSpec) {
+ *out = *in
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformMonitoringOptionsSpec.
+func (in *PlatformMonitoringOptionsSpec) DeepCopy() *PlatformMonitoringOptionsSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(PlatformMonitoringOptionsSpec)
+ in.DeepCopyInto(out)
+ return out
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PlatformPersistenceOptionsSpec) DeepCopyInto(out *PlatformPersistenceOptionsSpec) {
*out = *in
@@ -795,12 +902,12 @@ func (in *ServicesPlatformSpec) DeepCopyInto(out *ServicesPlatformSpec) {
*out = *in
if in.DataIndex != nil {
in, out := &in.DataIndex, &out.DataIndex
- *out = new(ServiceSpec)
+ *out = new(DataIndexServiceSpec)
if in.JobService != nil {
in, out := &in.JobService, &out.JobService
- *out = new(ServiceSpec)
+ *out = new(JobServiceServiceSpec)
@@ -1186,6 +1293,11 @@ func (in *SonataFlowPlatformSpec) DeepCopyInto(out *SonataFlowPlatformSpec) {
*out = new(ServicesPlatformSpec)
+ if in.Eventing != nil {
+ in, out := &in.Eventing, &out.Eventing
+ *out = new(PlatformEventingSpec)
+ (*in).DeepCopyInto(*out)
+ }
if in.Persistence != nil {
in, out := &in.Persistence, &out.Persistence
*out = new(PlatformPersistenceOptionsSpec)
@@ -1196,6 +1308,11 @@ func (in *SonataFlowPlatformSpec) DeepCopyInto(out *SonataFlowPlatformSpec) {
*out = new(PropertyPlatformSpec)
+ if in.Monitoring != nil {
+ in, out := &in.Monitoring, &out.Monitoring
+ *out = new(PlatformMonitoringOptionsSpec)
+ **out = **in
+ }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowPlatformSpec.
@@ -1224,6 +1341,11 @@ func (in *SonataFlowPlatformStatus) DeepCopyInto(out *SonataFlowPlatformStatus)
*out = new(SonataFlowClusterPlatformRefStatus)
+ if in.Triggers != nil {
+ in, out := &in.Triggers, &out.Triggers
+ *out = make([]SonataFlowPlatformTriggerRef, len(*in))
+ copy(*out, *in)
+ }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowPlatformStatus.
@@ -1236,6 +1358,37 @@ func (in *SonataFlowPlatformStatus) DeepCopy() *SonataFlowPlatformStatus {
return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SonataFlowPlatformTriggerRef) DeepCopyInto(out *SonataFlowPlatformTriggerRef) {
+ *out = *in
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowPlatformTriggerRef.
+func (in *SonataFlowPlatformTriggerRef) DeepCopy() *SonataFlowPlatformTriggerRef {
+ if in == nil {
+ return nil
+ }
+ out := new(SonataFlowPlatformTriggerRef)
+ in.DeepCopyInto(out)
+ return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SonataFlowSourceSpec) DeepCopyInto(out *SonataFlowSourceSpec) {
+ *out = *in
+ in.Destination.DeepCopyInto(&out.Destination)
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowSourceSpec.
+func (in *SonataFlowSourceSpec) DeepCopy() *SonataFlowSourceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(SonataFlowSourceSpec)
+ in.DeepCopyInto(out)
+ return out
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SonataFlowSpec) DeepCopyInto(out *SonataFlowSpec) {
*out = *in
@@ -1252,6 +1405,13 @@ func (in *SonataFlowSpec) DeepCopyInto(out *SonataFlowSpec) {
*out = new(duckv1.Destination)
+ if in.Sources != nil {
+ in, out := &in.Sources, &out.Sources
+ *out = make([]SonataFlowSourceSpec, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowSpec.
@@ -1280,6 +1440,16 @@ func (in *SonataFlowStatus) DeepCopyInto(out *SonataFlowStatus) {
*out = new(PlatformServicesStatus)
+ if in.Platform != nil {
+ in, out := &in.Platform, &out.Platform
+ *out = new(SonataFlowPlatformRef)
+ **out = **in
+ }
+ if in.Triggers != nil {
+ in, out := &in.Triggers, &out.Triggers
+ *out = make([]SonataFlowTriggerRef, len(*in))
+ copy(*out, *in)
+ }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowStatus.
@@ -1292,6 +1462,21 @@ func (in *SonataFlowStatus) DeepCopy() *SonataFlowStatus {
return out
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SonataFlowTriggerRef) DeepCopyInto(out *SonataFlowTriggerRef) {
+ *out = *in
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SonataFlowTriggerRef.
+func (in *SonataFlowTriggerRef) DeepCopy() *SonataFlowTriggerRef {
+ if in == nil {
+ return nil
+ }
+ out := new(SonataFlowTriggerRef)
+ in.DeepCopyInto(out)
+ return out
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkflowResources) DeepCopyInto(out *WorkflowResources) {
*out = *in
diff --git a/packages/sonataflow-operator/api/zz_generated.deepcopy.go b/packages/sonataflow-operator/api/zz_generated.deepcopy.go
index b68499c7bee..3a64d22da01 100644
--- a/packages/sonataflow-operator/api/zz_generated.deepcopy.go
+++ b/packages/sonataflow-operator/api/zz_generated.deepcopy.go
@@ -1,27 +1,28 @@
//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
// Code generated by controller-gen. DO NOT EDIT.
package api
-import ()
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Condition) DeepCopyInto(out *Condition) {
*out = *in
diff --git a/packages/sonataflow-operator/bundle/README.md b/packages/sonataflow-operator/bundle/README.md
new file mode 100644
index 00000000000..bc726952f45
--- /dev/null
+++ b/packages/sonataflow-operator/bundle/README.md
@@ -0,0 +1,11 @@
+# SonataFlow Operator Bundle
+To generate the files in [manifests](manifests) directory run from the project's root:
+make generate-all
+make vet fmt
+The file `sonataflow-operator.clusterserviceversion.yaml` will be generated as part of the outcome of this command.
+This file has been removed from git since every time the command runs, it generates the attribute `createdAt`.
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-builder-config_v1_configmap.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-builder-config_v1_configmap.yaml
deleted file mode 100644
index fb6edfcc9d7..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-builder-config_v1_configmap.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: v1
- Dockerfile: |
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing,
- # software distributed under the License is distributed on an
- # KIND, either express or implied. See the License for the
- # specific language governing permissions and limitations
- # under the License.
- FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder
- # This image name and tag is auto-replaced using environment variables during install, don't touch.
- # variables that can be overridden by the builder
- # To add a Quarkus extension to your application
- # Args to pass to the Quarkus CLI add extension command
- # Additional java/mvn arguments to pass to the builder
- # Copy from build context to skeleton resources project
- COPY --chown=1001 . ./resources
- RUN /home/kogito/launch/build-app.sh ./resources
- #=============================
- # Runtime Run
- #=============================
- FROM registry.access.redhat.com/ubi9/openjdk-17-runtime:latest
- ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
- # We make four distinct layers so if there are application changes the library layers can be re-used
- COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/lib/ /deployments/lib/
- COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/*.jar /deployments/
- COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/app/ /deployments/app/
- COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/quarkus/ /deployments/quarkus/
- EXPOSE 8080
- USER 185
- ENV JAVA_OPTS="-Dquarkus.http.host= -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
- ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
-kind: ConfigMap
- name: sonataflow-operator-builder-config
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-controllers-config_v1_configmap.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-controllers-config_v1_configmap.yaml
deleted file mode 100644
index 2697290b5d3..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-controllers-config_v1_configmap.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-apiVersion: v1
- controllers_cfg.yaml: |
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing,
- # software distributed under the License is distributed on an
- # KIND, either express or implied. See the License for the
- # specific language governing permissions and limitations
- # under the License.
- # The default size of Kaniko PVC when using the internal operator builder manager
- defaultPvcKanikoSize: 1Gi
- # How much time (in seconds) to wait for a devmode workflow to start.
- # This information is used for the controller manager to create new devmode containers and setup the healthcheck probes.
- healthFailureThresholdDevMode: 50
- # Default image used internally by the Operator Managed Kaniko builder to create the warmup pods
- kanikoDefaultWarmerImageTag: gcr.io/kaniko-project/warmer:v1.9.0
- # Default image used internally by the Operator Managed Kaniko builder to create the executor pods
- kanikoExecutorImageTag: gcr.io/kaniko-project/executor:v1.9.0
- # The Jobs Service image to use, if empty the operator will use the default Apache Community one based on the current operator's version
- jobsServicePostgreSQLImageTag: ""
- jobsServiceEphemeralImageTag: ""
- # The Data Index image to use, if empty the operator will use the default Apache Community one based on the current operator's version
- dataIndexPostgreSQLImageTag: ""
- dataIndexEphemeralImageTag: ""
- # SonataFlow base builder image used in the internal Dockerfile to build workflow applications in preview profile
- # Order of precedence is:
- # 1. SonataFlowPlatform in the given namespace
- # 2. This configuration
- # 3. The FROM in the Dockerfile in the operator's namespace "sonataflow-operator-builder-config" configMap.
- # If 1 or 2, the FROM tag will be replaced by the tag se there.
- # If empty the operator will use the default Apache Community one based on the current operator's version.
- sonataFlowBaseBuilderImageTag: ""
- # The image to use to deploy SonataFlow workflow images in devmode profile.
- # If empty the operator will use the default Apache Community one based on the current operator's version.
- sonataFlowDevModeImageTag: ""
- # The default name of the builder configMap in the operator's namespace
- builderConfigMapName: "sonataflow-operator-builder-config"
-kind: ConfigMap
- name: sonataflow-operator-controllers-config
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-manager-config_v1_configmap.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-manager-config_v1_configmap.yaml
deleted file mode 100644
index 1e0ec5e16ad..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-manager-config_v1_configmap.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: v1
- controller_manager_config.yaml: |
- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
- kind: ControllerManagerConfig
- health:
- healthProbeBindAddress: :8081
- metrics:
- bindAddress:
- webhook:
- port: 9443
- leaderElection:
- leaderElect: true
- resourceName: 1be5e57d.kiegroup.org
-kind: ConfigMap
- name: sonataflow-operator-manager-config
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml
deleted file mode 100644
index 9a4601357f8..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator.clusterserviceversion.yaml
+++ /dev/null
@@ -1,882 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: operators.coreos.com/v1alpha1
-kind: ClusterServiceVersion
- annotations:
- alm-examples: |-
- [
- {
- "apiVersion": "sonataflow.org/v1alpha08",
- "kind": "SonataFlow",
- "metadata": {
- "annotations": {
- "sonataflow.org/description": "Greeting example on k8s!",
- "sonataflow.org/version": "0.0.1"
- },
- "name": "greeting"
- },
- "spec": {
- "flow": {
- "functions": [
- {
- "name": "greetFunction",
- "operation": "sysout",
- "type": "custom"
- }
- ],
- "start": "ChooseOnLanguage",
- "states": [
- {
- "dataConditions": [
- {
- "condition": "${ .language == \"English\" }",
- "transition": "GreetInEnglish"
- },
- {
- "condition": "${ .language == \"Spanish\" }",
- "transition": "GreetInSpanish"
- }
- ],
- "defaultCondition": "GreetInEnglish",
- "name": "ChooseOnLanguage",
- "type": "switch"
- },
- {
- "data": {
- "greeting": "Hello from JSON Workflow, "
- },
- "name": "GreetInEnglish",
- "transition": "GreetPerson",
- "type": "inject"
- },
- {
- "data": {
- "greeting": "Saludos desde JSON Workflow, "
- },
- "name": "GreetInSpanish",
- "transition": "GreetPerson",
- "type": "inject"
- },
- {
- "actions": [
- {
- "functionRef": {
- "arguments": {
- "message": ".greeting+.name"
- },
- "refName": "greetFunction"
- },
- "name": "greetAction"
- }
- ],
- "end": true,
- "name": "GreetPerson",
- "type": "operation"
- }
- ]
- }
- }
- },
- {
- "apiVersion": "sonataflow.org/v1alpha08",
- "kind": "SonataFlowBuild",
- "metadata": {
- "name": "greeting"
- },
- "spec": {
- "timeout": "360s"
- }
- },
- {
- "apiVersion": "sonataflow.org/v1alpha08",
- "kind": "SonataFlowClusterPlatform",
- "metadata": {
- "name": "sonataflow-clusterplatform"
- },
- "spec": {
- "platformRef": {
- "name": "sonataflow-platform",
- "namespace": "sonataflow-operator-system"
- }
- }
- },
- {
- "apiVersion": "sonataflow.org/v1alpha08",
- "kind": "SonataFlowPlatform",
- "metadata": {
- "name": "sonataflow-platform"
- },
- "spec": {
- "build": {
- "config": {
- "registry": {
- "address": "docker.io/apache",
- "secret": "regcred"
- }
- }
- }
- }
- }
- ]
- capabilities: Basic Install
- categories: Application Runtime
- containerImage: docker.io/apache/incubator-kie-sonataflow-operator:main
- description: SonataFlow Kubernetes Operator for deploying workflow applications
- based on the CNCF Serverless Workflow specification
- operators.operatorframework.io/builder: operator-sdk-v1.25.0
- operators.operatorframework.io/internal-objects: '["sonataflowbuilds.sonataflow.org"]'
- operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
- repository: https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator
- support: Red Hat
- name: sonataflow-operator.v0.0.0
- namespace: placeholder
- apiservicedefinitions: {}
- customresourcedefinitions:
- owned:
- - description: SonataFlowBuild is an internal custom resource to control workflow
- build instances in the target platform
- displayName: Sonata Flow Build
- kind: SonataFlowBuild
- name: sonataflowbuilds.sonataflow.org
- resources:
- - kind: BuildConfig
- name: An Openshift Build Config
- version: build.openshift.io/v1
- specDescriptors:
- - description: 'Arguments lists the command line arguments to send to the internal
- builder command. Depending on the build method you might set this attribute
- instead of BuildArgs. For example: ".spec.arguments=verbose=3". Please see
- the SonataFlow guides.'
- displayName: Arguments
- path: arguments
- - description: Optional build arguments that can be set to the internal build
- (e.g. Docker ARG)
- displayName: BuildArgs
- path: buildArgs
- - description: Optional environment variables to add to the internal build
- displayName: Envs
- path: envs
- - description: Resources optional compute resource requirements for the builder
- displayName: Resources
- path: resources
- - description: Timeout defines the Build maximum execution duration. The Build
- deadline is set to the Build start time plus the Timeout duration. If the
- Build deadline is exceeded, the Build context is canceled, and its phase
- set to BuildPhaseFailed.
- displayName: Timeout
- path: timeout
- statusDescriptors:
- - description: BuildPhase Current phase of the build
- displayName: BuildPhase
- path: buildPhase
- - description: Error Last error found during build
- displayName: Error
- path: error
- - description: ImageTag The final image tag produced by this build instance
- displayName: ImageTag
- path: imageTag
- - description: InnerBuild is a reference to an internal build object, which
- can be anything known only to internal builders.
- displayName: InnerBuild
- path: innerBuild
- version: v1alpha08
- - description: SonataFlowClusterPlatform is the Schema for the sonataflowclusterplatforms
- displayName: Sonata Flow Cluster Platform
- kind: SonataFlowClusterPlatform
- name: sonataflowclusterplatforms.sonataflow.org
- resources:
- - kind: SonataFlowPlatform
- name: A SonataFlow Platform
- version: sonataflow.org/v1alpha08
- specDescriptors:
- - description: Capabilities defines which platform capabilities should be applied
- cluster-wide. If nil, defaults to `capabilities.workflows["services"]`
- displayName: Capabilities
- path: capabilities
- - description: PlatformRef defines which existing SonataFlowPlatform's supporting
- services should be used cluster-wide.
- displayName: PlatformRef
- path: platformRef
- - description: Name of the SonataFlowPlatform
- displayName: Platform_Name
- path: platformRef.name
- - description: Namespace of the SonataFlowPlatform
- displayName: Platform_NS
- path: platformRef.namespace
- statusDescriptors:
- - description: Version the operator version controlling this ClusterPlatform
- displayName: version
- path: version
- version: v1alpha08
- - description: SonataFlowPlatform is the descriptor for the workflow platform
- infrastructure.
- displayName: Sonata Flow Platform
- kind: SonataFlowPlatform
- name: sonataflowplatforms.sonataflow.org
- resources:
- - kind: Namespace
- name: The Namespace controlled by the platform
- version: v1
- specDescriptors:
- - description: Build Attributes for building workflows in the target platform
- displayName: Build
- path: build
- - description: 'Arguments lists the command line arguments to send to the internal
- builder command. Depending on the build method you might set this attribute
- instead of BuildArgs. For example: ".spec.arguments=verbose=3". Please see
- the SonataFlow guides.'
- displayName: Arguments
- path: build.template.arguments
- - description: Optional build arguments that can be set to the internal build
- (e.g. Docker ARG)
- displayName: BuildArgs
- path: build.template.buildArgs
- - description: Optional environment variables to add to the internal build
- displayName: Envs
- path: build.template.envs
- - description: Resources optional compute resource requirements for the builder
- displayName: Resources
- path: build.template.resources
- - description: Timeout defines the Build maximum execution duration. The Build
- deadline is set to the Build start time plus the Timeout duration. If the
- Build deadline is exceeded, the Build context is canceled, and its phase
- set to BuildPhaseFailed.
- displayName: Timeout
- path: build.template.timeout
- - description: DevMode Attributes for running workflows in devmode (immutable,
- no build required)
- displayName: DevMode
- path: devMode
- - description: "Services attributes for deploying supporting applications like
- Data Index & Job Service. Only workflows without the `sonataflow.org/profile:
- dev` annotation will be configured to use these service(s). Setting this
- will override the use of any cluster-scoped services that might be defined
- via `SonataFlowClusterPlatform`."
- displayName: Services
- path: services
- - description: PodTemplate describes the deployment details of this platform
- service instance.
- displayName: podTemplate
- path: services.dataIndex.podTemplate
- - description: PodTemplate describes the deployment details of this platform
- service instance.
- displayName: podTemplate
- path: services.jobService.podTemplate
- statusDescriptors:
- - description: Cluster what kind of cluster you're running (ie, plain Kubernetes
- or OpenShift)
- displayName: cluster
- path: cluster
- - description: ClusterPlatformRef information related to the (optional) active
- SonataFlowClusterPlatform
- displayName: clusterPlatformRef
- path: clusterPlatformRef
- - description: Info generic information related to the build
- displayName: info
- path: info
- - description: Version the operator version controlling this Platform
- displayName: version
- path: version
- version: v1alpha08
- - description: SonataFlow is the descriptor representation for a workflow application
- based on the CNCF Serverless Workflow specification.
- displayName: Sonata Flow
- kind: SonataFlow
- name: sonataflows.sonataflow.org
- resources:
- - kind: Deployment
- name: A Deployment for the Flow
- version: apps/v1
- - kind: Service
- name: A Service for the Flow
- version: v1
- - kind: SonataFlowBuild
- name: A SonataFlow Build
- version: sonataflow.org/v1alpha08
- - kind: Route
- name: An OpenShift Route for the Flow
- version: route.openshift.io/v1
- - kind: ConfigMap
- name: The ConfigMaps with Flow definition and additional configuration files
- version: v1
- specDescriptors:
- - description: Flow the workflow definition.
- displayName: flow
- path: flow
- - description: PodTemplate describes the deployment details of this SonataFlow
- instance.
- displayName: podTemplate
- path: podTemplate
- - description: Resources workflow resources that are linked to this workflow
- definition. For example, a collection of OpenAPI specification files.
- displayName: resources
- path: resources
- - description: Sink describes the sinkBinding details of this SonataFlow instance.
- displayName: sink
- path: sink
- statusDescriptors:
- - description: Address is used as a part of Addressable interface (status.address.url)
- for knative
- displayName: address
- path: address
- - description: Endpoint is an externally accessible URL of the workflow
- displayName: endpoint
- path: endpoint
- - displayName: lastTimeRecoverAttempt
- path: lastTimeRecoverAttempt
- - description: keeps track of how many failure recovers a given workflow had
- so far
- displayName: recoverFailureAttempts
- path: recoverFailureAttempts
- - description: Services displays which platform services are being used by this
- workflow
- displayName: services
- path: services
- version: v1alpha08
- description: |-
- SonataFlow Kubernetes Operator for deploying workflow applications
- based on the [CNCF Serverless Workflow specification](https://serverlessworkflow.io/):
- * Deploy workflow applications using the [dev profile](https://sonataflow.org/serverlessworkflow/latest/cloud/operator/developing-workflows.html), suited for the your development cycle
- * Build workflow applications based on the platform you're currently working on.
- displayName: SonataFlow Operator
- install:
- spec:
- clusterPermissions:
- - rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - pods/exec
- - services
- - services/finalizers
- - namespaces
- - serviceaccounts
- - persistentvolumeclaims
- - secrets
- - events
- - deployments
- - nodes
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - apps
- resources:
- - configmaps
- - pods
- - pods/exec
- - services
- - services/finalizers
- - namespaces
- - serviceaccounts
- - persistentvolumeclaims
- - secrets
- - events
- - deployments
- - nodes
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - roles
- - rolebindings
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - eventing.knative.dev
- resources:
- - triggers
- - triggers/status
- - triggers/finalizers
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sources.knative.dev
- resources:
- - sinkbindings
- - sinkbindings/status
- - sinkbindings/finalizers
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowbuilds
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowbuilds/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowbuilds/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowclusterplatforms
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowclusterplatforms/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowclusterplatforms/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowplatforms
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowplatforms/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowplatforms/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflows
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflows/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflows/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - route.openshift.io
- resources:
- - route
- - routes
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - route.openshift.io
- resources:
- - route/finalizers
- - routes/finalizers
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - deletecollection
- - patch
- - watch
- - apiGroups:
- - image.openshift.io
- resources:
- - imagestreams
- - imagestreamtags
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - image.openshift.io
- resources:
- - imagestreams/finalizers
- - imagestreamtags/finalizers
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - deletecollection
- - patch
- - watch
- - apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs
- - builds
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs/finalizers
- - builds/finalizers
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - deletecollection
- - patch
- - watch
- - apiGroups:
- - build.openshift.io
- resources:
- - buildconfigs/instantiatebinary
- verbs:
- - create
- - apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
- - apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
- - apiGroups:
- - apps
- resources:
- - statefulset
- - statefulsets
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingress
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - serving.knative.dev
- resources:
- - service
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - eventing.knative.dev
- resources:
- - broker
- - brokers
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apps.openshift.io
- resources:
- - deploymentconfigs
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - route.openshift.io
- resources:
- - routes
- verbs:
- - get
- - list
- - watch
- serviceAccountName: sonataflow-operator-controller-manager
- deployments:
- - label:
- control-plane: sonataflow-operator
- name: sonataflow-operator-controller-manager
- spec:
- replicas: 1
- selector:
- matchLabels:
- control-plane: sonataflow-operator
- strategy: {}
- template:
- metadata:
- annotations:
- kubectl.kubernetes.io/default-container: manager
- labels:
- control-plane: sonataflow-operator
- spec:
- containers:
- - args:
- - --health-probe-bind-address=:8081
- - --metrics-bind-address=
- - --leader-elect
- - --v=0
- command:
- - /usr/local/bin/manager
- env:
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: docker.io/apache/incubator-kie-sonataflow-operator:main
- imagePullPolicy: IfNotPresent
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- name: manager
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 10m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- volumeMounts:
- - mountPath: /config/controllers_cfg.yaml
- name: controllers-config
- subPath: controllers_cfg.yaml
- - args:
- - --secure-listen-address=
- - --upstream=
- - --logtostderr=true
- - --v=0
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
- name: kube-rbac-proxy
- ports:
- - containerPort: 8443
- name: https
- protocol: TCP
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 5m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: RuntimeDefault
- securityContext:
- runAsNonRoot: true
- serviceAccountName: sonataflow-operator-controller-manager
- terminationGracePeriodSeconds: 10
- volumes:
- - configMap:
- name: sonataflow-operator-controllers-config
- name: controllers-config
- permissions:
- - rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- serviceAccountName: sonataflow-operator-controller-manager
- strategy: deployment
- installModes:
- - supported: false
- type: OwnNamespace
- - supported: false
- type: SingleNamespace
- - supported: false
- type: MultiNamespace
- - supported: true
- type: AllNamespaces
- keywords:
- - sonataflow
- - cncf
- - serverless
- - serverlessworkflow
- links:
- - name: Product Page
- url: https://sonataflow.org/serverlessworkflow/latest/index.html
- maintainers:
- - email: bsig-cloud@redhat.com
- name: Red Hat
- maturity: alpha
- minKubeVersion: 1.23.0
- provider:
- name: Red Hat
- version: 0.0.0
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowbuilds.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowbuilds.yaml
deleted file mode 100644
index 516d303f9da..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowbuilds.yaml
+++ /dev/null
@@ -1,383 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowbuilds.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowBuild
- listKind: SonataFlowBuildList
- plural: sonataflowbuilds
- shortNames:
- - sfb
- - sfbuild
- - sfbuilds
- singular: sonataflowbuild
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.imageTag
- name: Image
- type: string
- - jsonPath: .status.buildPhase
- name: Phase
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowBuild is an internal custom resource to control workflow
- build instances in the target platform
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowBuildSpec define the desired state of th SonataFlowBuild.
- properties:
- arguments:
- description: 'Arguments lists the command line arguments to send to
- the internal builder command. Depending on the build method you
- might set this attribute instead of BuildArgs. For example: ".spec.arguments=verbose=3".
- Please see the SonataFlow guides.'
- items:
- type: string
- type: array
- buildArgs:
- description: Optional build arguments that can be set to the internal
- build (e.g. Docker ARG)
- items:
- description: EnvVar represents an environment variable present in
- a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value. Cannot
- be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath is
- written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the exposed
- resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envs:
- description: Optional environment variables to add to the internal
- build
- items:
- description: EnvVar represents an environment variable present in
- a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value. Cannot
- be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath is
- written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the exposed
- resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- resources:
- description: Resources optional compute resource requirements for
- the builder
- properties:
- claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- timeout:
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the Timeout
- duration. If the Build deadline is exceeded, the Build context is
- canceled, and its phase set to BuildPhaseFailed.
- format: duration
- type: string
- type: object
- status:
- description: SonataFlowBuildStatus defines the observed state of SonataFlowBuild
- properties:
- buildPhase:
- description: BuildPhase Current phase of the build
- type: string
- error:
- description: Error Last error found during build
- type: string
- imageTag:
- description: ImageTag The final image tag produced by this build instance
- type: string
- innerBuild:
- description: InnerBuild is a reference to an internal build object,
- which can be anything known only to internal builders.
- type: object
- x-kubernetes-preserve-unknown-fields: true
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowclusterplatforms.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowclusterplatforms.yaml
deleted file mode 100644
index 9080fbddd0b..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowclusterplatforms.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowclusterplatforms.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowClusterPlatform
- listKind: SonataFlowClusterPlatformList
- plural: sonataflowclusterplatforms
- singular: sonataflowclusterplatform
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.platformRef.name
- name: Platform_Name
- type: string
- - jsonPath: .spec.platformRef.namespace
- name: Platform_NS
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowClusterPlatform is the Schema for the sonataflowclusterplatforms
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowClusterPlatformSpec defines the desired state of
- SonataFlowClusterPlatform
- properties:
- capabilities:
- description: Capabilities defines which platform capabilities should
- be applied cluster-wide. If nil, defaults to `capabilities.workflows["services"]`
- properties:
- workflows:
- description: Workflows defines which platform capabilities should
- be applied to workflows cluster-wide.
- items:
- enum:
- - services
- type: string
- type: array
- type: object
- platformRef:
- description: PlatformRef defines which existing SonataFlowPlatform's
- supporting services should be used cluster-wide.
- properties:
- name:
- description: Name of the SonataFlowPlatform
- type: string
- namespace:
- description: Namespace of the SonataFlowPlatform
- type: string
- required:
- - name
- - namespace
- type: object
- required:
- - platformRef
- type: object
- status:
- description: SonataFlowClusterPlatformStatus defines the observed state
- of SonataFlowClusterPlatform
- properties:
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- version:
- description: Version the operator version controlling this ClusterPlatform
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowplatforms.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowplatforms.yaml
deleted file mode 100644
index 378023fd3c2..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflowplatforms.yaml
+++ /dev/null
@@ -1,16437 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowplatforms.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowPlatform
- listKind: SonataFlowPlatformList
- plural: sonataflowplatforms
- shortNames:
- - sfp
- - sfplatform
- - sfplatforms
- singular: sonataflowplatform
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.cluster
- name: Cluster
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowPlatform is the descriptor for the workflow platform
- infrastructure.
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowPlatformSpec defines the desired state of SonataFlowPlatform
- properties:
- build:
- description: Build Attributes for building workflows in the target
- platform
- properties:
- config:
- description: Describes the platform configuration for building
- workflows.
- properties:
- baseImage:
- description: a base image that can be used as base layer for
- all images. It can be useful if you want to provide some
- custom base image with further utility software
- type: string
- registry:
- description: Registry the registry where to publish the built
- image
- properties:
- address:
- description: the URI to access
- type: string
- ca:
- description: the configmap which stores the Certificate
- Authority
- type: string
- insecure:
- description: if the container registry is insecure (ie,
- http only)
- type: boolean
- organization:
- description: the registry organization
- type: string
- secret:
- description: the secret where credentials are stored
- type: string
- type: object
- strategy:
- description: BuildStrategy to use to build workflows in the
- platform. Usually, the operator elect the strategy based
- on the platform. Note that this field might be read only
- in certain scenarios.
- type: string
- strategyOptions:
- additionalProperties:
- type: string
- description: BuildStrategyOptions additional options to add
- to the build strategy. See https://sonataflow.org/serverlessworkflow/main/cloud/operator/build-and-deploy-workflows.html
- type: object
- timeout:
- description: how much time to wait before time out the build
- process
- type: string
- type: object
- template:
- description: Describes a build template for building workflows.
- Base for the internal SonataFlowBuild resource.
- properties:
- arguments:
- description: 'Arguments lists the command line arguments to
- send to the internal builder command. Depending on the build
- method you might set this attribute instead of BuildArgs.
- For example: ".spec.arguments=verbose=3". Please see the
- SonataFlow guides.'
- items:
- type: string
- type: array
- buildArgs:
- description: Optional build arguments that can be set to the
- internal build (e.g. Docker ARG)
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envs:
- description: Optional environment variables to add to the
- internal build
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- resources:
- description: Resources optional compute resource requirements
- for the builder
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- timeout:
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the
- Timeout duration. If the Build deadline is exceeded, the
- Build context is canceled, and its phase set to BuildPhaseFailed.
- format: duration
- type: string
- type: object
- type: object
- devMode:
- description: DevMode Attributes for running workflows in devmode (immutable,
- no build required)
- properties:
- baseImage:
- description: Base image to run the Workflow in dev mode instead
- of the operator's default.
- type: string
- type: object
- persistence:
- description: Persistence defines the platform persistence configuration.
- When this field is set, the configuration is used as the persistence
- for platform services and SonataFlow instances that don't provide
- one of their own.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
- e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user credentials
- properties:
- name:
- description: Name of the postgresql credentials secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource. Mutually
- exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be used. Defaults
- to "sonataflow"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the postgresql
- k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- properties:
- description: "Properties defines the property set for a given actor
- in the current context. For example, the workflow managed properties.
- One can define here a set of properties for SonataFlow deployments
- that will be reused across every workflow deployment. \n These properties
- MAY NOT be propagated to a SonataFlowClusterPlatform since PropertyVarSource
- can only refer local context sources."
- properties:
- flow:
- description: Properties that will be added to the SonataFlow managed
- configMaps in the current context.
- items:
- description: PropertyVar is the entry for a property set derived
- from the Kubernetes API EnvVar. Note that the name doesn't
- have to match C_IDENTIFIER.
- properties:
- name:
- description: The property name
- type: string
- value:
- description: Defaults to "".
- type: string
- valueFrom:
- description: Source for the property's value. Cannot be
- used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the flow's
- namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- services:
- description: "Services attributes for deploying supporting applications
- like Data Index & Job Service. Only workflows without the `sonataflow.org/profile:
- dev` annotation will be configured to use these service(s). Setting
- this will override the use of any cluster-scoped services that might
- be defined via `SonataFlowClusterPlatform`."
- properties:
- dataIndex:
- description: "Deploys the Data Index service for use by workflows
- without the `sonataflow.org/profile: dev` annotation."
- properties:
- enabled:
- description: "Determines whether workflows without the `sonataflow.org/profile:
- dev` annotation should be configured to use this service"
- type: boolean
- persistence:
- description: Persists service to a datasource of choice. Ephemeral
- by default.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql
- database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive
- to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user
- credentials
- properties:
- name:
- description: Name of the postgresql credentials
- secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource.
- Mutually exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be
- used. Defaults to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to
- be used. Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the
- postgresql k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details
- of this platform service instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where
- the application should run. One can change this attribute
- in order to override the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$
- are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage,
- requests.cpu, requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never,
- IfNotPresent. Defaults to Always if :latest tag
- is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should
- take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before
- a container is terminated due to an API request
- or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the
- handler, the container will eventually terminate
- within the Pod's termination grace period (unless
- delayed by finalizers). Other management of
- the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying this
- array with strategic merge patch may corrupt the
- data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid port
- number, 0 < x < 65536. If HostNetwork is specified,
- this must match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port
- in a pod must have a unique name. Name for
- the port that can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it
- defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges than
- its parent process. This bool directly controls
- if the no_new_privs flag will be set on the
- container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name is
- windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set when
- spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name is
- windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note that
- this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided at
- both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name is
- windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no other
- probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted,
- just as if the livenessProbe failed. This can be
- used to provide different probe parameters at the
- beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach sessions.
- If stdinOnce is set to true, stdin is opened on
- container start, is empty until the first client
- attaches to stdin, and then remains open and accepts
- data until the client disconnects, at which time
- stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never receive
- an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated
- by the node if greater than 4096 bytes. The total
- message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot
- be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output is
- limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of
- a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting of
- a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at which
- the volume should be mounted. Must not contain
- ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should be
- mounted. Behaves similarly to SubPath but
- environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional:
- Default to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional:
- Default to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional:
- Default to true. If set to true or not present, the
- pod will be run in the host user namespace, useful for
- when the pod needs a feature only available to the host
- user namespace, such as loading a kernel module with
- CAP_SYS_MODULE. When set to false, a new userns is created
- for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users
- to run their containers as root without actually having
- root privileges on the host. This field is alpha-level
- and is only honored by servers that enable the UserNamespacesSupport
- feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node's labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the
- pod. Some pod and container fields are restricted if
- this is set. \n If the OS field is set to linux, the
- following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
- - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities -
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system.
- The currently supported values are linux and windows.
- Additional value may be defined in future and can
- be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as os:
- null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims
- must be allocated and reserved before the Pod is allowed
- to start. The resources will be made available to those
- containers which consume them by name. \n This is an
- alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
- items:
- description: PodResourceClaim references exactly one
- ResourceClaim through a ClaimSource. It adds a name
- to it that uniquely identifies the ResourceClaim inside
- the Pod. Containers that need access to the ResourceClaim
- reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource
- claim inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the
- ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of
- a ResourceClaim object in the same namespace
- as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the
- name of a ResourceClaimTemplate object in
- the same namespace as this pod. \n The template
- will be used to create a new ResourceClaim,
- which will be bound to this pod. When this
- pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim
- will be -, where
- is the PodResourceClaim.Name.
- Pod validation will reject the pod if the
- concatenated name is not valid for a ResourceClaim
- (e.g. too long). \n An existing ResourceClaim
- with that name that is not owned by the pod
- will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling
- and pod startup are then blocked until the
- unrelated ResourceClaim is removed. \n This
- field is immutable and no changes will be
- made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. In some contexts,
- only a subset of those values may be permitted. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values
- that if specified will block scheduling the pod. If
- schedulingGates is not empty, the pod will stay in the
- SchedulingGated state and the scheduler will not attempt
- to schedule the pod. \n SchedulingGates can only be
- set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod
- to guard its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume. Note that this field
- cannot be set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID, the fsGroup (if specified),
- and group memberships defined in the container image
- for the uid of the container process. If unspecified,
- no additional groups are added to any container.
- Note that group memberships defined in the container
- image for the uid of the container process are still
- effective, even if they are not included in this
- list. Note that this field cannot be set when spec.os.name
- is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "...svc.". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple
- using the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label
- keys to select the pods over which spreading will
- be calculated. The keys are used to lookup values
- from the incoming pod labels, those key-value
- labels are ANDed with labelSelector to select
- the group of existing pods over which spreading
- will be calculated for the incoming pod. The same
- key is forbidden to exist in both MatchLabelKeys
- and LabelSelector. MatchLabelKeys cannot be set
- when LabelSelector isn't set. Keys that don't
- exist in the incoming pod labels will be ignored.
- A null or empty list means only match against
- labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature
- gate to be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. The global minimum is
- the minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 2/2/1: In this case,
- the global minimum is 1. | zone1 | zone2 | zone3
- | | P P | P P | P | - if MaxSkew is 1,
- incoming pod can only be scheduled to zone3 to
- become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It's a required field. Default
- value is 1 and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less than
- minDomains, Pod Topology Spread treats \"global
- minimum\" as 0, and then the calculation of Skew
- is performed. And when the number of eligible
- domains with matching topology keys equals or
- greater than minDomains, this value has no effect
- on scheduling. As a result, when the number of
- eligible domains is less than minDomains, scheduler
- won't schedule more than maxSkew Pods to those
- domains. If value is nil, the constraint behaves
- as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil,
- WhenUnsatisfiable must be DoNotSchedule. \n For
- example, in a 3-zone cluster, MaxSkew is set to
- 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number
- of domains is less than 5(MinDomains), so \"global
- minimum\" is treated as 0. In this situation,
- new pod with the same labelSelector cannot be
- scheduled, because computed skew will be 3(3 -
- 0) if new Pod is scheduled to any of the three
- zones, it will violate MaxSkew. \n This is a beta
- field and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we
- will treat Pod's nodeAffinity/nodeSelector when
- calculating pod topology spread skew. Options
- are: - Honor: only nodes matching nodeAffinity/nodeSelector
- are included in the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the calculations.
- \n If this value is nil, the behavior is equivalent
- to the Honor policy. This is a beta-level feature
- default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we
- will treat node taints when calculating pod topology
- spread skew. Options are: - Honor: nodes without
- taints, along with tainted nodes for which the
- incoming pod has a toleration, are included. -
- Ignore: node taints are ignored. All nodes are
- included. \n If this value is nil, the behavior
- is equivalent to the Ignore policy. This is a
- beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each as a "bucket", and
- try to put balanced number of pods into each bucket.
- We define a domain as a particular instance of
- a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
- If TopologyKey is "kubernetes.io/hostname", each
- Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is
- a domain of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching
- mode: None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data
- disk in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk
- in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- kind:
- description: "kind expected values are Shared:
- multiple blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret
- that contains Azure Storage Account Name and
- Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the
- mounted root, rather than the full Ceph tree,
- default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points
- to a secret object containing parameters used
- to connect to OpenStack."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is
- passed to the associated CSI driver which
- will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- '..' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of
- storage medium should back this directory.
- The default is "" which means to use the node''s
- default medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the
- sum of memory limits of all containers in
- a pod. The default is nil which means that
- the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the
- storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `-`
- where `` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: "accessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be
- used to specify either: * An existing
- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a new
- volume based on the contents of the
- specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource
- contents will be copied to dataSourceRef,
- and dataSourceRef contents will be
- copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace
- is specified, then dataSourceRef will
- not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be any
- object from a non-empty API group
- (non core object) or a PersistentVolumeClaim
- object. When this field is specified,
- volume binding will only succeed if
- the type of the specified object matches
- some installed volume populator or
- dynamic provisioner. This field will
- replace the functionality of the dataSource
- field and as such if both fields are
- non-empty, they must have the same
- value. For backwards compatibility,
- when namespace isn't specified in
- dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to
- the same value automatically if one
- of them is empty and the other is
- non-empty. When namespace is specified
- in dataSourceRef, dataSource isn't
- set to the same value and must be
- empty. There are three important differences
- between dataSource and dataSourceRef:
- * While dataSource only allows two
- specific types of objects, dataSourceRef
- allows any non-core object, as well
- as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed
- values (dropping them), dataSourceRef
- preserves all values, and generates
- an error if a disallowed value is
- specified. * While dataSource only
- allows local objects, dataSourceRef
- allows objects in any namespaces.
- (Beta) Using this field requires the
- AnyVolumeDataSource feature gate to
- be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the
- CrossNamespaceVolumeDataSource feature
- gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note
- that when a namespace is specified,
- a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent
- namespace to allow that namespace's
- owner to accept the reference.
- See the ReferenceGrant documentation
- for details. (Alpha) This field
- requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the
- minimum resources the volume should
- have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements that
- are lower than previous value but
- must still be higher than capacity
- recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names
- of resources, defined in spec.resourceClaims,
- that are used by this container.
- \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is
- immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match
- the name of one entry in
- pod.spec.resourceClaims
- of the Pod where this field
- is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query
- over volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the
- name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. TODO: how do we prevent errors
- in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun
- number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target
- worldwide names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world
- wide identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field
- holds extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret object
- is specified. If the secret object contains
- more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset
- stored as metadata -> name on the dataset
- for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the
- dataset. This is unique identifier of a Flocker
- dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE
- Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the
- volume that you want to mount. Tip: Ensure
- that the filesystem type is supported by the
- host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD
- resource in GCE. Used to identify the disk
- in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified,
- the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for
- the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount
- on the host that shares a pod's lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name
- that details Glusterfs topology. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write."
- properties:
- path:
- description: "path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource
- that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether
- support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether
- support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI
- Initiator Name. If initiatorName is specified
- with iscsiInterface simultaneously, new iSCSI
- interface : will
- be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified
- Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun
- number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal
- List. The portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for
- iSCSI target and initiator authentication
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal.
- The Portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the
- host that shares a pod's lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies
- Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used
- to set permissions on created files by default.
- Must be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Directories
- within the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: configMap information about
- the configMap data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the '..' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported."
- properties:
- containerName:
- description: "Container
- name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required:
- resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about
- the secret data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify
- whether the Secret or its key must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to
- project
- properties:
- audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default
- is no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: user to map volume access to Defaults
- to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device
- mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: "image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph
- monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default
- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default
- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of
- the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of
- the ScaleIO Protection Domain for the configured
- storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable
- SSL communication with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the
- storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage
- system as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume
- already created in the ScaleIO system that
- is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether
- the Secret or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the
- secret in the pod's namespace to use. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage
- Policy Based Management (SPBM) profile ID
- associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage
- Policy Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- type: object
- jobService:
- description: "Deploys the Job service for use by workflows without
- the `sonataflow.org/profile: dev` annotation."
- properties:
- enabled:
- description: "Determines whether workflows without the `sonataflow.org/profile:
- dev` annotation should be configured to use this service"
- type: boolean
- persistence:
- description: Persists service to a datasource of choice. Ephemeral
- by default.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql
- database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive
- to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user
- credentials
- properties:
- name:
- description: Name of the postgresql credentials
- secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource.
- Mutually exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be
- used. Defaults to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to
- be used. Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the
- postgresql k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details
- of this platform service instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where
- the application should run. One can change this attribute
- in order to override the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$
- are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage,
- requests.cpu, requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never,
- IfNotPresent. Defaults to Always if :latest tag
- is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should
- take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before
- a container is terminated due to an API request
- or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the
- handler, the container will eventually terminate
- within the Pod's termination grace period (unless
- delayed by finalizers). Other management of
- the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying this
- array with strategic merge patch may corrupt the
- data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid port
- number, 0 < x < 65536. If HostNetwork is specified,
- this must match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port
- in a pod must have a unique name. Name for
- the port that can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it
- defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges than
- its parent process. This bool directly controls
- if the no_new_privs flag will be set on the
- container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name is
- windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set when
- spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name is
- windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note that
- this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided at
- both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name is
- windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no other
- probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted,
- just as if the livenessProbe failed. This can be
- used to provide different probe parameters at the
- beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach sessions.
- If stdinOnce is set to true, stdin is opened on
- container start, is empty until the first client
- attaches to stdin, and then remains open and accepts
- data until the client disconnects, at which time
- stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never receive
- an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated
- by the node if greater than 4096 bytes. The total
- message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot
- be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output is
- limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of
- a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting of
- a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at which
- the volume should be mounted. Must not contain
- ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should be
- mounted. Behaves similarly to SubPath but
- environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional:
- Default to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional:
- Default to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional:
- Default to true. If set to true or not present, the
- pod will be run in the host user namespace, useful for
- when the pod needs a feature only available to the host
- user namespace, such as loading a kernel module with
- CAP_SYS_MODULE. When set to false, a new userns is created
- for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users
- to run their containers as root without actually having
- root privileges on the host. This field is alpha-level
- and is only honored by servers that enable the UserNamespacesSupport
- feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node's labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the
- pod. Some pod and container fields are restricted if
- this is set. \n If the OS field is set to linux, the
- following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
- - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities -
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system.
- The currently supported values are linux and windows.
- Additional value may be defined in future and can
- be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as os:
- null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims
- must be allocated and reserved before the Pod is allowed
- to start. The resources will be made available to those
- containers which consume them by name. \n This is an
- alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
- items:
- description: PodResourceClaim references exactly one
- ResourceClaim through a ClaimSource. It adds a name
- to it that uniquely identifies the ResourceClaim inside
- the Pod. Containers that need access to the ResourceClaim
- reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource
- claim inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the
- ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of
- a ResourceClaim object in the same namespace
- as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the
- name of a ResourceClaimTemplate object in
- the same namespace as this pod. \n The template
- will be used to create a new ResourceClaim,
- which will be bound to this pod. When this
- pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim
- will be -, where
- is the PodResourceClaim.Name.
- Pod validation will reject the pod if the
- concatenated name is not valid for a ResourceClaim
- (e.g. too long). \n An existing ResourceClaim
- with that name that is not owned by the pod
- will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling
- and pod startup are then blocked until the
- unrelated ResourceClaim is removed. \n This
- field is immutable and no changes will be
- made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. In some contexts,
- only a subset of those values may be permitted. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values
- that if specified will block scheduling the pod. If
- schedulingGates is not empty, the pod will stay in the
- SchedulingGated state and the scheduler will not attempt
- to schedule the pod. \n SchedulingGates can only be
- set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod
- to guard its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume. Note that this field
- cannot be set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID, the fsGroup (if specified),
- and group memberships defined in the container image
- for the uid of the container process. If unspecified,
- no additional groups are added to any container.
- Note that group memberships defined in the container
- image for the uid of the container process are still
- effective, even if they are not included in this
- list. Note that this field cannot be set when spec.os.name
- is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "...svc.". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple
- using the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label
- keys to select the pods over which spreading will
- be calculated. The keys are used to lookup values
- from the incoming pod labels, those key-value
- labels are ANDed with labelSelector to select
- the group of existing pods over which spreading
- will be calculated for the incoming pod. The same
- key is forbidden to exist in both MatchLabelKeys
- and LabelSelector. MatchLabelKeys cannot be set
- when LabelSelector isn't set. Keys that don't
- exist in the incoming pod labels will be ignored.
- A null or empty list means only match against
- labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature
- gate to be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. The global minimum is
- the minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 2/2/1: In this case,
- the global minimum is 1. | zone1 | zone2 | zone3
- | | P P | P P | P | - if MaxSkew is 1,
- incoming pod can only be scheduled to zone3 to
- become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It's a required field. Default
- value is 1 and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less than
- minDomains, Pod Topology Spread treats \"global
- minimum\" as 0, and then the calculation of Skew
- is performed. And when the number of eligible
- domains with matching topology keys equals or
- greater than minDomains, this value has no effect
- on scheduling. As a result, when the number of
- eligible domains is less than minDomains, scheduler
- won't schedule more than maxSkew Pods to those
- domains. If value is nil, the constraint behaves
- as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil,
- WhenUnsatisfiable must be DoNotSchedule. \n For
- example, in a 3-zone cluster, MaxSkew is set to
- 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number
- of domains is less than 5(MinDomains), so \"global
- minimum\" is treated as 0. In this situation,
- new pod with the same labelSelector cannot be
- scheduled, because computed skew will be 3(3 -
- 0) if new Pod is scheduled to any of the three
- zones, it will violate MaxSkew. \n This is a beta
- field and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we
- will treat Pod's nodeAffinity/nodeSelector when
- calculating pod topology spread skew. Options
- are: - Honor: only nodes matching nodeAffinity/nodeSelector
- are included in the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the calculations.
- \n If this value is nil, the behavior is equivalent
- to the Honor policy. This is a beta-level feature
- default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we
- will treat node taints when calculating pod topology
- spread skew. Options are: - Honor: nodes without
- taints, along with tainted nodes for which the
- incoming pod has a toleration, are included. -
- Ignore: node taints are ignored. All nodes are
- included. \n If this value is nil, the behavior
- is equivalent to the Ignore policy. This is a
- beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each as a "bucket", and
- try to put balanced number of pods into each bucket.
- We define a domain as a particular instance of
- a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
- If TopologyKey is "kubernetes.io/hostname", each
- Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is
- a domain of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching
- mode: None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data
- disk in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk
- in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- kind:
- description: "kind expected values are Shared:
- multiple blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret
- that contains Azure Storage Account Name and
- Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the
- mounted root, rather than the full Ceph tree,
- default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points
- to a secret object containing parameters used
- to connect to OpenStack."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is
- passed to the associated CSI driver which
- will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- '..' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of
- storage medium should back this directory.
- The default is "" which means to use the node''s
- default medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the
- sum of memory limits of all containers in
- a pod. The default is nil which means that
- the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the
- storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `-`
- where `` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: "accessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be
- used to specify either: * An existing
- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a new
- volume based on the contents of the
- specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource
- contents will be copied to dataSourceRef,
- and dataSourceRef contents will be
- copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace
- is specified, then dataSourceRef will
- not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be any
- object from a non-empty API group
- (non core object) or a PersistentVolumeClaim
- object. When this field is specified,
- volume binding will only succeed if
- the type of the specified object matches
- some installed volume populator or
- dynamic provisioner. This field will
- replace the functionality of the dataSource
- field and as such if both fields are
- non-empty, they must have the same
- value. For backwards compatibility,
- when namespace isn't specified in
- dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to
- the same value automatically if one
- of them is empty and the other is
- non-empty. When namespace is specified
- in dataSourceRef, dataSource isn't
- set to the same value and must be
- empty. There are three important differences
- between dataSource and dataSourceRef:
- * While dataSource only allows two
- specific types of objects, dataSourceRef
- allows any non-core object, as well
- as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed
- values (dropping them), dataSourceRef
- preserves all values, and generates
- an error if a disallowed value is
- specified. * While dataSource only
- allows local objects, dataSourceRef
- allows objects in any namespaces.
- (Beta) Using this field requires the
- AnyVolumeDataSource feature gate to
- be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the
- CrossNamespaceVolumeDataSource feature
- gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note
- that when a namespace is specified,
- a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent
- namespace to allow that namespace's
- owner to accept the reference.
- See the ReferenceGrant documentation
- for details. (Alpha) This field
- requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the
- minimum resources the volume should
- have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements that
- are lower than previous value but
- must still be higher than capacity
- recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names
- of resources, defined in spec.resourceClaims,
- that are used by this container.
- \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is
- immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match
- the name of one entry in
- pod.spec.resourceClaims
- of the Pod where this field
- is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query
- over volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the
- name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. TODO: how do we prevent errors
- in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun
- number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target
- worldwide names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world
- wide identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field
- holds extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret object
- is specified. If the secret object contains
- more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset
- stored as metadata -> name on the dataset
- for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the
- dataset. This is unique identifier of a Flocker
- dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE
- Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the
- volume that you want to mount. Tip: Ensure
- that the filesystem type is supported by the
- host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD
- resource in GCE. Used to identify the disk
- in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified,
- the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for
- the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount
- on the host that shares a pod's lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name
- that details Glusterfs topology. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write."
- properties:
- path:
- description: "path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource
- that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether
- support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether
- support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI
- Initiator Name. If initiatorName is specified
- with iscsiInterface simultaneously, new iSCSI
- interface : will
- be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified
- Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun
- number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal
- List. The portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for
- iSCSI target and initiator authentication
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal.
- The Portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the
- host that shares a pod's lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies
- Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used
- to set permissions on created files by default.
- Must be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Directories
- within the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: configMap information about
- the configMap data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the '..' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported."
- properties:
- containerName:
- description: "Container
- name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required:
- resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about
- the secret data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify
- whether the Secret or its key must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to
- project
- properties:
- audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default
- is no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: user to map volume access to Defaults
- to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device
- mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: "image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph
- monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default
- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default
- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of
- the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of
- the ScaleIO Protection Domain for the configured
- storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable
- SSL communication with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the
- storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage
- system as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume
- already created in the ScaleIO system that
- is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether
- the Secret or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the
- secret in the pod's namespace to use. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage
- Policy Based Management (SPBM) profile ID
- associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage
- Policy Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- status:
- description: SonataFlowPlatformStatus defines the observed state of SonataFlowPlatform
- properties:
- cluster:
- description: Cluster what kind of cluster you're running (ie, plain
- Kubernetes or OpenShift)
- enum:
- - kubernetes
- - openshift
- type: string
- clusterPlatformRef:
- description: ClusterPlatformRef information related to the (optional)
- active SonataFlowClusterPlatform
- properties:
- name:
- description: Name of the active SonataFlowClusterPlatform
- type: string
- platformRef:
- description: PlatformRef displays which SonataFlowPlatform has
- been referenced by the active SonataFlowClusterPlatform
- properties:
- name:
- description: Name of the SonataFlowPlatform
- type: string
- namespace:
- description: Namespace of the SonataFlowPlatform
- type: string
- required:
- - name
- - namespace
- type: object
- services:
- description: Services displays which cluster-wide services are
- being used by this SonataFlowPlatform
- properties:
- dataIndexRef:
- description: DataIndexRef displays information on the cluster-wide
- Data Index service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- jobServiceRef:
- description: JobServiceRef displays information on the cluster-wide
- Job Service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- type: object
- type: object
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- info:
- additionalProperties:
- type: string
- description: Info generic information related to the build
- type: object
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- version:
- description: Version the operator version controlling this Platform
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflows.yaml b/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflows.yaml
deleted file mode 100644
index bd7cebefd61..00000000000
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow.org_sonataflows.yaml
+++ /dev/null
@@ -1,9525 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflows.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlow
- listKind: SonataFlowList
- plural: sonataflows
- shortNames:
- - sf
- - workflow
- - workflows
- singular: sonataflow
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.annotations.sonataflow\.org\/profile
- name: Profile
- type: string
- - jsonPath: .metadata.annotations.sonataflow\.org\/version
- name: Version
- type: string
- - jsonPath: .status.endpoint
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=='Running')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Running')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlow is the descriptor representation for a workflow application
- based on the CNCF Serverless Workflow specification.
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowSpec defines the desired state of SonataFlow
- properties:
- flow:
- description: Flow the workflow definition.
- properties:
- annotations:
- description: Annotations List of helpful terms describing the
- workflows intended purpose, subject areas, or other important
- qualities.
- items:
- type: string
- type: array
- auth:
- description: Auth definitions can be used to define authentication
- information that should be applied to resources defined in the
- operation property of function definitions. It is not used as
- authentication information for the function invocation, but
- just to access the resource containing the function invocation
- information.
- x-kubernetes-preserve-unknown-fields: true
- autoRetries:
- description: AutoRetries If set to true, actions should automatically
- be retried on unchecked errors. Default is false
- type: boolean
- constants:
- additionalProperties:
- description: RawMessage is a raw encoded JSON value. It implements
- Marshaler and Unmarshaler and can be used to delay JSON decoding
- or precompute a JSON encoding.
- format: byte
- type: string
- description: Constants Workflow constants are used to define static,
- and immutable, data which is available to Workflow Expressions.
- type: object
- dataInputSchema:
- description: DataInputSchema URI of the JSON Schema used to validate
- the workflow data input
- properties:
- failOnValidationErrors:
- type: boolean
- schema:
- type: string
- required:
- - failOnValidationErrors
- - schema
- type: object
- errors:
- description: Defines checked errors that can be explicitly handled
- during workflow execution.
- items:
- description: Error declaration for workflow definitions
- properties:
- code:
- description: Code OnError code. Can be used in addition
- to the name to help runtimes resolve to technical errors/exceptions.
- Should not be defined if error is set to '*'.
- type: string
- description:
- description: OnError description.
- type: string
- name:
- description: Name Domain-specific error name.
- type: string
- required:
- - name
- type: object
- type: array
- events:
- items:
- description: Event used to define events and their correlations
- properties:
- correlation:
- description: Define event correlation rules for this event.
- Only used for consumed events.
- items:
- description: Correlation define event correlation rules
- for an event. Only used for `consumed` events
- properties:
- contextAttributeName:
- description: CloudEvent Extension Context Attribute
- name
- type: string
- contextAttributeValue:
- description: CloudEvent Extension Context Attribute
- value
- type: string
- required:
- - contextAttributeName
- type: object
- type: array
- dataOnly:
- description: If `true`, only the Event payload is accessible
- to consuming Workflow states. If `false`, both event payload
- and context attributes should be accessible. Defaults
- to true.
- type: boolean
- kind:
- default: consumed
- description: Defines the CloudEvent as either 'consumed'
- or 'produced' by the workflow. Defaults to `consumed`.
- enum:
- - consumed
- - produced
- type: string
- metadata:
- additionalProperties:
- type: object
- description: Metadata information
- type: object
- name:
- description: Unique event name.
- type: string
- source:
- description: CloudEvent source.
- type: string
- type:
- description: CloudEvent type.
- type: string
- required:
- - name
- - type
- type: object
- type: array
- functions:
- items:
- description: Function ...
- properties:
- authRef:
- description: References an auth definition name to be used
- to access to resource defined in the operation parameter.
- type: string
- metadata:
- additionalProperties:
- type: object
- description: Metadata information
- type: object
- name:
- description: Unique function name
- type: string
- operation:
- description: If type is `rest`, #.
- If type is `rpc`, ##.
- If type is `expression`, defines the workflow expression.
- If the type is `custom`, #.
- type: string
- type:
- default: rest
- description: Defines the function type. Is either `custom`,
- `rest`, `rpc`, `expression`, `graphql`, `odata` or `asyncapi`.
- Default is `rest`.
- enum:
- - rest
- - rpc
- - expression
- - graphql
- - odata
- - asyncapi
- - custom
- type: string
- required:
- - name
- - operation
- type: object
- type: array
- keepActive:
- description: If "true", workflow instances is not terminated when
- there are no active execution paths. Instance can be terminated
- with "terminate end definition" or reaching defined "workflowExecTimeout"
- type: boolean
- metadata:
- description: Metadata custom information shared with the runtime.
- x-kubernetes-preserve-unknown-fields: true
- retries:
- items:
- description: Retry ...
- properties:
- delay:
- description: Time delay between retry attempts (ISO 8601
- duration format)
- type: string
- increment:
- description: Static value by which the delay increases during
- each attempt (ISO 8601 time format)
- type: string
- jitter:
- description: "If float type, maximum amount of random time
- added or subtracted from the delay between each retry
- relative to total delay (between 0 and 1). If string type,
- absolute maximum amount of random time added or subtracted
- from the delay between each retry (ISO 8601 duration format)
- TODO: make iso8601duration compatible this type"
- properties:
- floatVal:
- type: number
- strVal:
- type: string
- type:
- description: Type represents the stored type of Float32OrString.
- format: int64
- type: integer
- type: object
- maxAttempts:
- anyOf:
- - type: integer
- - type: string
- description: Maximum number of retry attempts.
- x-kubernetes-int-or-string: true
- maxDelay:
- description: Maximum time delay between retry attempts (ISO
- 8601 duration format)
- type: string
- multiplier:
- description: Numeric value, if specified the delay between
- retries is multiplied by this value.
- properties:
- floatVal:
- type: number
- strVal:
- type: string
- type:
- description: Type represents the stored type of Float32OrString.
- format: int64
- type: integer
- type: object
- name:
- description: Unique retry strategy name
- type: string
- required:
- - maxAttempts
- - name
- type: object
- type: array
- secrets:
- description: Secrets allow you to access sensitive information,
- such as passwords, OAuth tokens, ssh keys, etc, inside your
- Workflow Expressions.
- items:
- type: string
- type: array
- start:
- description: Workflow start definition.
- x-kubernetes-preserve-unknown-fields: true
- states:
- items:
- properties:
- callbackState:
- description: callbackState executes a function and waits
- for callback event that indicates completion of the task.
- properties:
- action:
- description: Defines the action to be executed.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property. Filter
- the action results to select only the result data
- that should be added/merged back into the state
- data using its results property. Select the part
- of state data which the action data results should
- be added/merged to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action results
- should be added/merged into. If not specified
- denotes the top-level state data element.
- type: string
- useResults:
- description: If set to false, action data results
- are not added/merged to state data. In this
- case 'results' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If false,
- action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression which
- selects parts of the states data output to
- become the data (payload) of the event referenced
- by triggerEventRef. If object type, a custom
- object to become the data (payload) of the
- event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name of
- a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If not
- defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name of
- a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should not
- be retried. Used only when `autoRetries` is set
- to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default runtime
- retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should be
- retried. Used only when `autoRetries` is set to
- `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef' is
- defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef' is
- defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'. Defaults
- to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- eventDataFilter:
- description: Event data filter definition.
- properties:
- data:
- description: Workflow expression that filters of
- the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects a
- state data element to which the action results
- should be added/merged into. If not specified
- denotes the top-level state data element
- type: string
- useData:
- description: If set to false, event payload is not
- added/merged to state data. In this case 'data'
- and 'toStateData' should be ignored. Default is
- true.
- type: boolean
- type: object
- eventRef:
- description: References a unique callback event name
- in the defined workflow events.
- type: string
- timeouts:
- description: Time period to wait for incoming events
- (ISO 8601 format)
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- eventTimeout:
- description: Default timeout for consuming defined
- events (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - action
- - eventRef
- type: object
- compensatedBy:
- description: Unique Name of a workflow state which is responsible
- for compensation of this state.
- type: string
- delayState:
- description: delayState Causes the workflow execution to
- delay for a specified duration.
- properties:
- timeDelay:
- description: Amount of time (ISO 8601 format) to delay
- type: string
- required:
- - timeDelay
- type: object
- end:
- description: State end definition.
- x-kubernetes-preserve-unknown-fields: true
- eventState:
- description: event states await one or more events and perform
- actions when they are received. If defined as the workflow
- starting state, the event state definition controls when
- the workflow instances should be created.
- properties:
- exclusive:
- default: true
- description: If true consuming one of the defined events
- causes its associated actions to be performed. If
- false all the defined events must be consumed in order
- for actions to be performed. Defaults to true.
- type: boolean
- onEvents:
- description: Define the events to be consumed and optional
- actions to be performed.
- items:
- description: OnEvents define which actions are be
- performed for the one or more events.
- properties:
- actionMode:
- default: sequential
- description: Should actions be performed sequentially
- or in parallel. Default is sequential.
- enum:
- - sequential
- - parallel
- type: string
- actions:
- description: Actions to be performed if expression
- matches
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select
- only the data that can be used within
- function definition arguments using its
- fromStateData property. Filter the action
- results to select only the result data
- that should be added/merged back into
- the state data using its results property.
- Select the part of state data which the
- action data results should be added/merged
- to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that
- filters state data that can be used
- by the action.
- type: string
- results:
- description: Workflow expression that
- filters the actions data results.
- type: string
- toStateData:
- description: Workflow expression that
- selects a state data element to which
- the action results should be added/merged
- into. If not specified denotes the
- top-level state data element.
- type: string
- useResults:
- description: If set to false, action
- data results are not added/merged
- to state data. In this case 'results'
- and 'toStateData' should be ignored.
- Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must
- evaluate to true for this action to be
- performed. If false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and
- 'result' reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension
- context attributes to the produced
- event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states
- data output to become the data (payload)
- of the event referenced by triggerEventRef.
- If object type, a custom object to
- become the data (payload) of the event
- referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique
- name of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time
- (ISO 8601 format) to wait for the
- result event. If not defined it be
- set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique
- name of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function
- definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to
- be passed to the referenced function
- TODO: validate it as required if function
- type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced
- function.
- type: string
- selectionSet:
- description: "Used if function type
- is graphql. String containing a valid
- GraphQL selection set. TODO: validate
- it as required if function type is
- graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should not be retried. Used only
- when `autoRetries` is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow
- retry definition. If not defined uses
- the default runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should be retried. Used only when
- `autoRetries` is set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow
- execution should sleep before / after
- function execution.
- properties:
- after:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- after function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- before:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- before function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be
- invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow
- should be invoked sync or async. Defaults
- to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies
- how subflow execution should behave
- when parent workflow completes if
- invoke is 'async'. Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- type: array
- eventDataFilter:
- description: eventDataFilter defines the callback
- event data filter definition
- properties:
- data:
- description: Workflow expression that filters
- of the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element
- type: string
- useData:
- description: If set to false, event payload
- is not added/merged to state data. In this
- case 'data' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- eventRefs:
- description: References one or more unique event
- names in the defined workflow events.
- items:
- type: string
- minItems: 1
- type: array
- required:
- - eventRefs
- type: object
- minItems: 1
- type: array
- timeouts:
- description: State specific timeouts.
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- eventTimeout:
- description: Default timeout for consuming defined
- events (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - onEvents
- type: object
- forEachState:
- description: forEachState used to execute actions for each
- element of a data set.
- properties:
- actions:
- description: Actions to be executed for each of the
- elements of inputCollection.
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property.
- Filter the action results to select only the
- result data that should be added/merged back
- into the state data using its results property.
- Select the part of state data which the action
- data results should be added/merged to using
- the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element.
- type: string
- useResults:
- description: If set to false, action data
- results are not added/merged to state data.
- In this case 'results' and 'toStateData'
- should be ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If
- false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states data output
- to become the data (payload) of the event
- referenced by triggerEventRef. If object
- type, a custom object to become the data
- (payload) of the event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name
- of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If
- not defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name
- of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- not be retried. Used only when `autoRetries`
- is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default
- runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- be retried. Used only when `autoRetries` is
- set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'.
- Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 0
- type: array
- batchSize:
- anyOf:
- - type: integer
- - type: string
- description: Specifies how many iterations may run in
- parallel at the same time. Used if mode property is
- set to parallel (default). If not specified, its value
- should be the size of the inputCollection.
- x-kubernetes-int-or-string: true
- inputCollection:
- description: Workflow expression selecting an array
- element of the states' data.
- type: string
- iterationParam:
- description: Name of the iteration parameter that can
- be referenced in actions/workflow. For each parallel
- iteration, this param should contain a unique element
- of the inputCollection array.
- type: string
- mode:
- default: parallel
- description: Specifies how iterations are to be performed
- (sequential or in parallel), defaults to parallel.
- enum:
- - sequential
- - parallel
- type: string
- outputCollection:
- description: Workflow expression specifying an array
- element of the states data to add the results of each
- iteration.
- type: string
- timeouts:
- description: State specific timeout.
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - inputCollection
- type: object
- id:
- description: Unique State id.
- type: string
- injectState:
- description: injectState used to inject static data into
- state data input.
- properties:
- data:
- additionalProperties:
- type: object
- description: JSON object which can be set as state's
- data input and can be manipulated via filter
- minProperties: 1
- type: object
- timeouts:
- description: State specific timeouts
- properties:
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - data
- type: object
- metadata:
- additionalProperties:
- type: object
- description: Metadata information.
- type: object
- name:
- description: State name.
- type: string
- onErrors:
- description: States error handling and retries definitions.
- items:
- description: OnError ...
- properties:
- end:
- description: End workflow execution in case of this
- error. If retryRef is defined, this ends workflow
- only if retries were unsuccessful.
- x-kubernetes-preserve-unknown-fields: true
- errorRef:
- description: ErrorRef Reference to a unique workflow
- error definition. Used of errorRefs is not used
- type: string
- errorRefs:
- description: ErrorRefs References one or more workflow
- error definitions. Used if errorRef is not used
- items:
- type: string
- type: array
- transition:
- description: Transition to next state to handle the
- error. If retryRef is defined, this transition is
- taken only if retries were unsuccessful.
- x-kubernetes-preserve-unknown-fields: true
- type: object
- type: array
- operationState:
- description: operationState defines a set of actions to
- be performed in sequence or in parallel.
- properties:
- actionMode:
- default: sequential
- description: Specifies whether actions are performed
- in sequence or in parallel, defaults to sequential.
- enum:
- - sequential
- - parallel
- type: string
- actions:
- description: Actions to be performed
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property.
- Filter the action results to select only the
- result data that should be added/merged back
- into the state data using its results property.
- Select the part of state data which the action
- data results should be added/merged to using
- the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element.
- type: string
- useResults:
- description: If set to false, action data
- results are not added/merged to state data.
- In this case 'results' and 'toStateData'
- should be ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If
- false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states data output
- to become the data (payload) of the event
- referenced by triggerEventRef. If object
- type, a custom object to become the data
- (payload) of the event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name
- of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If
- not defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name
- of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- not be retried. Used only when `autoRetries`
- is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default
- runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- be retried. Used only when `autoRetries` is
- set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'.
- Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 0
- type: array
- timeouts:
- description: State specific timeouts
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Defines workflow state execution timeout.
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - actions
- type: object
- parallelState:
- description: parallelState Consists of a number of states
- that are executed in parallel.
- properties:
- branches:
- description: List of branches for this parallel state.
- items:
- description: Branch Definition
- properties:
- actions:
- description: Actions to be executed in this branch
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select
- only the data that can be used within
- function definition arguments using its
- fromStateData property. Filter the action
- results to select only the result data
- that should be added/merged back into
- the state data using its results property.
- Select the part of state data which the
- action data results should be added/merged
- to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that
- filters state data that can be used
- by the action.
- type: string
- results:
- description: Workflow expression that
- filters the actions data results.
- type: string
- toStateData:
- description: Workflow expression that
- selects a state data element to which
- the action results should be added/merged
- into. If not specified denotes the
- top-level state data element.
- type: string
- useResults:
- description: If set to false, action
- data results are not added/merged
- to state data. In this case 'results'
- and 'toStateData' should be ignored.
- Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must
- evaluate to true for this action to be
- performed. If false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and
- 'result' reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension
- context attributes to the produced
- event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states
- data output to become the data (payload)
- of the event referenced by triggerEventRef.
- If object type, a custom object to
- become the data (payload) of the event
- referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique
- name of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time
- (ISO 8601 format) to wait for the
- result event. If not defined it be
- set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique
- name of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function
- definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to
- be passed to the referenced function
- TODO: validate it as required if function
- type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced
- function.
- type: string
- selectionSet:
- description: "Used if function type
- is graphql. String containing a valid
- GraphQL selection set. TODO: validate
- it as required if function type is
- graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should not be retried. Used only
- when `autoRetries` is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow
- retry definition. If not defined uses
- the default runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should be retried. Used only when
- `autoRetries` is set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow
- execution should sleep before / after
- function execution.
- properties:
- after:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- after function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- before:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- before function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be
- invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow
- should be invoked sync or async. Defaults
- to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies
- how subflow execution should behave
- when parent workflow completes if
- invoke is 'async'. Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 1
- type: array
- name:
- description: Branch name
- type: string
- timeouts:
- description: Branch specific timeout settings
- properties:
- actionExecTimeout:
- description: Single actions definition execution
- timeout duration (ISO 8601 duration format)
- type: string
- branchExecTimeout:
- description: Single branch execution timeout
- duration (ISO 8601 duration format)
- type: string
- type: object
- required:
- - actions
- - name
- type: object
- minItems: 1
- type: array
- completionType:
- default: allOf
- description: Option types on how to complete branch
- execution. Defaults to `allOf`.
- enum:
- - allOf
- - atLeast
- type: string
- numCompleted:
- anyOf:
- - type: integer
- - type: string
- description: "Used when branchCompletionType is set
- to atLeast to specify the least number of branches
- that must complete in order for the state to transition/end.
- TODO: change this field to unmarshal result as int"
- x-kubernetes-int-or-string: true
- timeouts:
- description: State specific timeouts
- properties:
- branchExecTimeout:
- description: Default single branch execution timeout
- (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - branches
- type: object
- sleepState:
- description: sleepState suspends workflow execution for
- a given time duration.
- properties:
- duration:
- description: Duration (ISO 8601 duration format) to
- sleep
- type: string
- timeouts:
- description: Timeouts State specific timeouts
- properties:
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - duration
- type: object
- stateDataFilter:
- description: State data filter.
- properties:
- input:
- description: Workflow expression to filter the state
- data input
- type: string
- output:
- description: Workflow expression that filters the state
- data output
- type: string
- type: object
- switchState:
- description: "switchState is workflow's gateways: direct
- transitions onf a workflow based on certain conditions."
- properties:
- dataConditions:
- description: Defines conditions evaluated against data
- items:
- description: DataCondition specify a data-based condition
- statement which causes a transition to another workflow
- state if evaluated to true.
- properties:
- condition:
- description: Workflow expression evaluated against
- state data. Must evaluate to true or false.
- type: string
- end:
- description: TODO End or Transition needs to be
- exclusive tag, one or another should be set.
- Explicit transition to end
- properties:
- compensate:
- description: If set to true, triggers workflow
- compensation before workflow execution completes.
- Default is false.
- type: boolean
- continueAs:
- description: Defines that current workflow
- execution should stop, and execution should
- continue as a new workflow instance of the
- provided id
- properties:
- data:
- description: If string type, an expression
- which selects parts of the states data
- output to become the workflow data input
- of continued execution. If object type,
- a custom object to become the workflow
- data input of the continued execution
- type: object
- version:
- description: Version of the workflow to
- continue execution as.
- type: string
- workflowExecTimeout:
- description: WorkflowExecTimeout Workflow
- execution timeout to be used by the
- workflow continuing execution. Overwrites
- any specific settings set by that workflow
- properties:
- duration:
- default: unlimited
- description: Workflow execution timeout
- duration (ISO 8601 duration format).
- If not specified should be 'unlimited'.
- type: string
- interrupt:
- description: If false, workflow instance
- is allowed to finish current execution.
- If true, current workflow execution
- is stopped immediately. Default
- is false.
- type: boolean
- runBefore:
- description: Name of a workflow state
- to be executed before workflow instance
- is terminated.
- type: string
- required:
- - duration
- type: object
- workflowId:
- description: Unique id of the workflow
- to continue execution as.
- type: string
- required:
- - workflowId
- type: object
- produceEvents:
- description: Array of producedEvent definitions.
- Defines events that should be produced.
- items:
- description: ProduceEvent Defines the event
- (CloudEvent format) to be produced when
- workflow execution completes or during
- a workflow transitions. The eventRef property
- must match the name of one of the defined
- produced events in the events definition.
- properties:
- contextAttributes:
- additionalProperties:
- type: string
- description: Add additional event extension
- context attributes.
- type: object
- data:
- description: If String, expression which
- selects parts of the states data output
- to become the data of the produced
- event. If object a custom object to
- become the data of produced event.
- type: object
- eventRef:
- description: Reference to a defined
- unique event name in the events definition
- type: string
- required:
- - eventRef
- type: object
- type: array
- terminate:
- description: If true, completes all execution
- flows in the given workflow instance.
- type: boolean
- type: object
- metadata:
- additionalProperties:
- type: object
- description: Metadata information.
- type: object
- name:
- description: Data condition name.
- type: string
- transition:
- description: Workflow transition if condition
- is evaluated to true
- properties:
- compensate:
- default: false
- description: If set to true, triggers workflow
- compensation before this transition is taken.
- Default is false.
- type: boolean
- nextState:
- description: Name of the state to transition
- to next.
- type: string
- produceEvents:
- description: Array of producedEvent definitions.
- Events to be produced before the transition
- takes place.
- items:
- description: ProduceEvent Defines the event
- (CloudEvent format) to be produced when
- workflow execution completes or during
- a workflow transitions. The eventRef property
- must match the name of one of the defined
- produced events in the events definition.
- properties:
- contextAttributes:
- additionalProperties:
- type: string
- description: Add additional event extension
- context attributes.
- type: object
- data:
- description: If String, expression which
- selects parts of the states data output
- to become the data of the produced
- event. If object a custom object to
- become the data of produced event.
- type: object
- eventRef:
- description: Reference to a defined
- unique event name in the events definition
- type: string
- required:
- - eventRef
- type: object
- type: array
- required:
- - nextState
- type: object
- required:
- - condition
- - end
- type: object
- type: array
- defaultCondition:
- description: Default transition of the workflow if there
- is no matching data conditions. Can include a transition
- or end definition.
- properties:
- end:
- description: If this state an end state
- x-kubernetes-preserve-unknown-fields: true
- transition:
- description: Serverless workflow states can have
- one or more incoming and outgoing transitions
- (from/to other states). Each state can define
- a transition definition that is used to determine
- which state to transition to next.
- x-kubernetes-preserve-unknown-fields: true
- type: object
- eventConditions:
- description: Defines conditions evaluated against events.
- items:
- description: EventCondition specify events which the
- switch state must wait for.
- properties:
- end:
- description: TODO End or Transition needs to be
- exclusive tag, one or another should be set.
- Explicit transition to end
- x-kubernetes-preserve-unknown-fields: true
- eventDataFilter:
- description: Event data filter definition.
- properties:
- data:
- description: Workflow expression that filters
- of the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element
- type: string
- useData:
- description: If set to false, event payload
- is not added/merged to state data. In this
- case 'data' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- eventRef:
- description: References a unique event name in
- the defined workflow events.
- type: string
- metadata:
- description: Metadata information.
- x-kubernetes-preserve-unknown-fields: true
- name:
- description: Event condition name.
- type: string
- transition:
- description: Workflow transition if condition
- is evaluated to true
- x-kubernetes-preserve-unknown-fields: true
- required:
- - eventRef
- type: object
- type: array
- timeouts:
- description: SwitchState specific timeouts
- properties:
- eventTimeout:
- description: "Specify the expire value to transitions
- to defaultCondition. When event-based conditions
- do not arrive. NOTE: this is only available for
- EventConditions"
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - defaultCondition
- type: object
- transition:
- description: Next transition of the workflow after the time
- delay.
- x-kubernetes-preserve-unknown-fields: true
- type:
- description: stateType can be any of delay, callback, event,
- foreach, inject, operation, parallel, sleep, switch
- enum:
- - delay
- - callback
- - event
- - foreach
- - inject
- - operation
- - parallel
- - sleep
- - switch
- type: string
- usedForCompensation:
- description: If true, this state is used to compensate another
- state. Default is false.
- type: boolean
- required:
- - name
- - type
- type: object
- minItems: 1
- type: array
- x-kubernetes-preserve-unknown-fields: true
- timeouts:
- description: Defines the workflow default timeout settings.
- properties:
- actionExecTimeout:
- description: ActionExecTimeout Single actions definition execution
- timeout duration (ISO 8601 duration format).
- type: string
- branchExecTimeout:
- description: BranchExecTimeout Single branch execution timeout
- duration (ISO 8601 duration format).
- type: string
- eventTimeout:
- description: EventTimeout Timeout duration to wait for consuming
- defined events (ISO 8601 duration format).
- type: string
- stateExecTimeout:
- description: StateExecTimeout Total state execution timeout
- (including retries) (ISO 8601 duration format).
- properties:
- single:
- description: Single state execution timeout, not including
- retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout, including
- retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- workflowExecTimeout:
- description: WorkflowExecTimeout Workflow execution timeout
- duration (ISO 8601 duration format). If not specified should
- be 'unlimited'.
- properties:
- duration:
- default: unlimited
- description: Workflow execution timeout duration (ISO
- 8601 duration format). If not specified should be 'unlimited'.
- type: string
- interrupt:
- description: If false, workflow instance is allowed to
- finish current execution. If true, current workflow
- execution is stopped immediately. Default is false.
- type: boolean
- runBefore:
- description: Name of a workflow state to be executed before
- workflow instance is terminated.
- type: string
- required:
- - duration
- type: object
- type: object
- required:
- - states
- type: object
- persistence:
- description: Persistence defines the database persistence configuration
- for the workflow
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
- e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user credentials
- properties:
- name:
- description: Name of the postgresql credentials secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource. Mutually
- exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be used. Defaults
- to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to be used.
- Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the postgresql
- k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details of this
- SonataFlow instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may be active
- on the node relative to StartTime before the system will actively
- try to mark it failed and kill associated containers. Value
- must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for
- the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated with
- the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching the
- corresponding nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms.
- The terms are ORed.
- items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g.
- co-locate this pod in the same node, zone, etc. as some
- other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred
- node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules
- (e.g. avoid putting this pod in the same node, zone, etc.
- as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred
- node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether a
- service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where the application
- should run. One can change this attribute in order to override
- the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container image''s
- CMD is used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s environment.
- If a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated. More
- info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set
- of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to each
- key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after a
- container is created. If the handler fails, the container
- is terminated and restarted according to its restart
- policy. Other management of the container blocks until
- the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory
- for the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it
- is not run inside a shell, so traditional shell
- instructions ('|', etc) won't work. To use a
- shell, you need to explicitly call out to that
- shell. Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to
- perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this field
- and lifecycle hooks will fail in runtime when tcp
- handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the Pod's
- termination grace period (unless delayed by finalizers).
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory
- for the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it
- is not run inside a shell, so traditional shell
- instructions ('|', etc) won't work. To use a
- shell, you need to explicitly call out to that
- shell. Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to
- perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this field
- and lifecycle hooks will fail in runtime when tcp
- handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container. Not
- specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default ""
- address inside a container will be accessible from the network.
- Modifying this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's IP
- address. This must be a valid port number, 0 < x <
- 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If
- specified, this must be a valid port number, 0 < x
- < 65536. If HostNetwork is specified, this must match
- ContainerPort. Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod
- must have a unique name. Name for the port that can
- be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP, or
- SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource resize
- policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag
- will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root
- filesystem. Default is false. Note that this field cannot
- be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if it
- does. If unset or false, no such validation will be
- performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod & container
- level, the container options override the pod options.
- Note that this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used. The
- profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's
- configured seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n Localhost
- - a profile defined in a file on the node should
- be used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined - no
- profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of
- the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored by
- components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the Pod.
- All of a Pod's containers must have the same effective
- HostProcess value (it is not allowed to have a mix
- of HostProcess containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during steady-state
- operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the
- stdin channel after it has been opened by a single attach.
- When stdin is true the stdin stream will remain open across
- multiple attach sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until the first client
- attaches to stdin, and then remains open and accepts data
- until the client disconnects, at which time stdin is closed
- and remains closed until the container is restarted. If
- this flag is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which the
- container's termination message will be written is mounted
- into the container's filesystem. Message written is intended
- to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes.
- The total message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be
- populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default is
- false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to
- be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's
- root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves
- similarly to SubPath but environment variable references
- $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr and SubPath
- are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod. Containers
- cannot currently be added or removed. There must be at least
- one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you want to
- run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable cannot
- be resolved, the reference in the input string will be
- unchanged. Double $$ are reduced to a single $, which
- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the
- container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are
- expanded using the previously defined environment
- variables in the container and any service environment
- variables. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env
- with a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a
- set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to
- each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after
- a container is created. If the handler fails, the
- container is terminated and restarted according to
- its restart policy. Other management of the container
- blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a
- container is terminated due to an API request or management
- event such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the
- Pod's termination grace period (unless delayed by
- finalizers). Other management of the container blocks
- until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that port
- from being exposed. Any port which is listening on the
- default "" address inside a container will be accessible
- from the network. Modifying this array with strategic
- merge patch may corrupt the data. For more information
- See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's
- IP address. This must be a valid port number, 0
- < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host.
- If specified, this must be a valid port number,
- 0 < x < 65536. If HostNetwork is specified, this
- must match ContainerPort. Most containers do not
- need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a
- pod must have a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP,
- or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in
- PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where
- this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent
- process. This bool directly controls if the no_new_privs
- flag will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that
- this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if
- it does. If unset or false, no such validation will
- be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name is
- windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod &
- container level, the container options override the
- pod options. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative to
- the kubelet's configured seccomp profile location.
- Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n
- Localhost - a profile defined in a file on the
- node should be used. RuntimeDefault - the container
- runtime default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the
- Pod. All of a Pod's containers must have the same
- effective HostProcess value (it is not allowed
- to have a mix of HostProcess containers and non-HostProcess
- containers). In addition, if HostProcess is true
- then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might
- take a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close
- the stdin channel after it has been opened by a single
- attach. When stdin is true the stdin stream will remain
- open across multiple attach sessions. If stdinOnce is
- set to true, stdin is opened on container start, is empty
- until the first client attaches to stdin, and then remains
- open and accepts data until the client disconnects, at
- which time stdin is closed and remains closed until the
- container is restarted. If this flag is false, a container
- processes that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which
- the container's termination message will be written is
- mounted into the container's filesystem. Message written
- is intended to be brief final status, such as an assertion
- failure message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across all containers
- will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should
- be populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default
- is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw
- block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the
- container that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the
- container's volume should be mounted. Defaults to
- "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from
- which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable
- references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might
- be configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses. This
- will be appended to the base nameservers generated from
- DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This will be
- merged with the base options generated from DNSPolicy. Duplicated
- entries will be removed. Resolution options given in Options
- will override those that appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver options
- of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name lookup.
- This will be appended to the base search paths generated
- from DNSPolicy. Duplicated search paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig will
- be merged with the policy selected with DNSPolicy. To have DNS
- options set along with hostNetwork, you have to specify DNS
- policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment variables,
- matching the syntax of Docker links. Optional: Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
- items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional: Default
- to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use the host's
- network namespace. If this option is set, the ports that will
- be used must be specified. Default to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional: Default
- to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional: Default
- to true. If set to true or not present, the pod will be run
- in the host user namespace, useful for when the pod needs a
- feature only available to the host user namespace, such as loading
- a kernel module with CAP_SYS_MODULE. When set to false, a new
- userns is created for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users to run
- their containers as root without actually having root privileges
- on the host. This field is alpha-level and is only honored by
- servers that enable the UserNamespacesSupport feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not specified,
- the pod's hostname will be set to a system-defined value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging to the
- pod. Init containers are executed in order prior to containers
- being started. If any init container fails, the pod is considered
- to have failed and is handled according to its restartPolicy.
- The name for an init container or normal container must be unique
- among all containers. Init containers may not have Lifecycle
- actions, Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken into
- account during scheduling by finding the highest request/limit
- for each resource type, and then using the max of of that value
- or the sum of the normal containers. Limits are applied to init
- containers in a similar fashion. Init containers cannot currently
- be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you want to
- run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable cannot
- be resolved, the reference in the input string will be
- unchanged. Double $$ are reduced to a single $, which
- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the
- container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are
- expanded using the previously defined environment
- variables in the container and any service environment
- variables. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env
- with a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a
- set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to
- each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after
- a container is created. If the handler fails, the
- container is terminated and restarted according to
- its restart policy. Other management of the container
- blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a
- container is terminated due to an API request or management
- event such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the
- Pod's termination grace period (unless delayed by
- finalizers). Other management of the container blocks
- until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that port
- from being exposed. Any port which is listening on the
- default "" address inside a container will be accessible
- from the network. Modifying this array with strategic
- merge patch may corrupt the data. For more information
- See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's
- IP address. This must be a valid port number, 0
- < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host.
- If specified, this must be a valid port number,
- 0 < x < 65536. If HostNetwork is specified, this
- must match ContainerPort. Most containers do not
- need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a
- pod must have a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP,
- or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in
- PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where
- this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent
- process. This bool directly controls if the no_new_privs
- flag will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that
- this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if
- it does. If unset or false, no such validation will
- be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name is
- windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod &
- container level, the container options override the
- pod options. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative to
- the kubelet's configured seccomp profile location.
- Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n
- Localhost - a profile defined in a file on the
- node should be used. RuntimeDefault - the container
- runtime default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the
- Pod. All of a Pod's containers must have the same
- effective HostProcess value (it is not allowed
- to have a mix of HostProcess containers and non-HostProcess
- containers). In addition, if HostProcess is true
- then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might
- take a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close
- the stdin channel after it has been opened by a single
- attach. When stdin is true the stdin stream will remain
- open across multiple attach sessions. If stdinOnce is
- set to true, stdin is opened on container start, is empty
- until the first client attaches to stdin, and then remains
- open and accepts data until the client disconnects, at
- which time stdin is closed and remains closed until the
- container is restarted. If this flag is false, a container
- processes that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which
- the container's termination message will be written is
- mounted into the container's filesystem. Message written
- is intended to be brief final status, such as an assertion
- failure message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across all containers
- will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should
- be populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default
- is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw
- block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the
- container that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the
- container's volume should be mounted. Defaults to
- "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from
- which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable
- references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might
- be configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod onto a
- specific node. If it is non-empty, the scheduler simply schedules
- this pod onto that node, assuming that it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be true for
- the pod to fit on a node. Selector which must match a node's
- labels for the pod to be scheduled on that node. More info:
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the pod. Some
- pod and container fields are restricted if this is set. \n If
- the OS field is set to linux, the following fields must be unset:
- -securityContext.windowsOptions \n If the OS field is set to
- windows, following fields must be unset: - spec.hostPID - spec.hostIPC
- - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
- - spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system. The
- currently supported values are linux and windows. Additional
- value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values and treat
- unrecognized values in this field as os: null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead associated
- with running a pod for a given RuntimeClass. This field will
- be autopopulated at admission time by the RuntimeClass admission
- controller. If the RuntimeClass admission controller is enabled,
- overhead must not be set in Pod create requests. The RuntimeClass
- admission controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured and
- selected in the PodSpec, Overhead will be set to the value defined
- in the corresponding RuntimeClass, otherwise it will remain
- unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting pods
- with lower priority. One of Never, PreemptLowerPriority. Defaults
- to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components use
- this field to find the priority of the pod. When Priority Admission
- Controller is enabled, it prevents users from setting this field.
- The admission controller populates this field from PriorityClassName.
- The higher the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority. "system-node-critical"
- and "system-cluster-critical" are two special keywords which
- indicate the highest priorities with the former being the highest
- priority. Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority will
- be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be evaluated
- for pod readiness. A pod is ready when all its containers are
- ready AND all conditions specified in the readiness gates have
- status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference to a pod
- condition
- properties:
- conditionType:
- description: ConditionType refers to a condition in the
- pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims must
- be allocated and reserved before the Pod is allowed to start.
- The resources will be made available to those containers which
- consume them by name. \n This is an alpha field and requires
- enabling the DynamicResourceAllocation feature gate. \n This
- field is immutable."
- items:
- description: PodResourceClaim references exactly one ResourceClaim
- through a ClaimSource. It adds a name to it that uniquely
- identifies the ResourceClaim inside the Pod. Containers that
- need access to the ResourceClaim reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource claim
- inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of a ResourceClaim
- object in the same namespace as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the name
- of a ResourceClaimTemplate object in the same namespace
- as this pod. \n The template will be used to create
- a new ResourceClaim, which will be bound to this pod.
- When this pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim will be
- -, where
- is the PodResourceClaim.Name. Pod validation will
- reject the pod if the concatenated name is not valid
- for a ResourceClaim (e.g. too long). \n An existing
- ResourceClaim with that name that is not owned by
- the pod will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling and pod
- startup are then blocked until the unrelated ResourceClaim
- is removed. \n This field is immutable and no changes
- will be made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within the pod.
- One of Always, OnFailure, Never. In some contexts, only a subset
- of those values may be permitted. Default to Always. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass object
- in the node.k8s.io group, which should be used to run this pod. If
- no RuntimeClass resource matches the named class, the pod will
- not be run. If unset or empty, the "legacy" RuntimeClass will
- be used, which is an implicit class with an empty definition
- that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched by specified
- scheduler. If not specified, the pod will be dispatched by default
- scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values that
- if specified will block scheduling the pod. If schedulingGates
- is not empty, the pod will stay in the SchedulingGated state
- and the scheduler will not attempt to schedule the pod. \n SchedulingGates
- can only be set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod to guard
- its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security attributes
- and common container settings. Optional: Defaults to empty. See
- type description for default values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies to
- all containers in a pod. Some volume types allow the Kubelet
- to change the ownership of that volume to be owned by the
- pod: \n 1. The owning GID will be the FSGroup 2. The setgid
- bit is set (new files created in the volume will be owned
- by FSGroup) 3. The permission bits are OR'd with rw-rw----
- \n If unset, the Kubelet will not modify the ownership and
- permissions of any volume. Note that this field cannot be
- set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior of changing
- ownership and permission of the volume before being exposed
- inside Pod. This field will only apply to volume types which
- support fsGroup based ownership(and permissions). It will
- have no effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used. Note that
- this field cannot be set when spec.os.name is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in SecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- Note that this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to all containers.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- SecurityContext. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile defined
- in a file on the node should be used. The profile must
- be preconfigured on the node to work. Must be a descending
- path, relative to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp profile
- will be applied. Valid options are: \n Localhost - a
- profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile
- should be used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first process
- run in each container, in addition to the container's primary
- GID, the fsGroup (if specified), and group memberships defined
- in the container image for the uid of the container process.
- If unspecified, no additional groups are added to any container.
- Note that group memberships defined in the container image
- for the uid of the container process are still effective,
- even if they are not included in this list. Note that this
- field cannot be set when spec.os.name is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls used
- for the pod. Pods with unsupported sysctls (by the container
- runtime) might fail to launch. Note that this field cannot
- be set when spec.os.name is windows.
- items:
- description: Sysctl defines a kernel parameter to be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options within a container's
- SecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set when
- spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container should
- be run as a 'Host Process' container. This field is
- alpha-level and will only be honored by components that
- enable the WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag will result
- in errors when validating the Pod. All of a Pod's containers
- must have the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition, if HostProcess
- is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured as
- the pod's FQDN, rather than the leaf name (the default). In
- Linux containers, this means setting the FQDN in the hostname
- field of the kernel (the nodename field of struct utsname).
- In Windows containers, this means setting the registry value
- of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect. Default
- to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between all of
- the containers in a pod. When this is set containers will be
- able to view and signal processes from other containers in the
- same pod, and the first process in each container will not be
- assigned PID 1. HostPID and ShareProcessNamespace cannot both
- be set. Optional: Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname will
- be "...svc.".
- If not specified, the pod will not have a domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs to terminate
- gracefully. May be decreased in delete request. Value must be
- non-negative integer. The value zero indicates stop immediately
- via the kill signal (no opportunity to shut down). If this value
- is nil, the default grace period will be used instead. The grace
- period is the duration in seconds after the processes running
- in the pod are sent a termination signal and the time when the
- processes are forcibly halted with a kill signal. Set this value
- longer than the expected cleanup time for your process. Defaults
- to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a group of
- pods ought to spread across topology domains. Scheduler will
- schedule pods in a way which abides by the constraints. All
- topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how to spread
- matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine
- the number of pods in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label keys
- to select the pods over which spreading will be calculated.
- The keys are used to lookup values from the incoming pod
- labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading
- will be calculated for the incoming pod. The same key
- is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't
- set. Keys that don't exist in the incoming pod labels
- will be ignored. A null or empty list means only match
- against labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature gate to
- be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which pods
- may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between the number
- of matching pods in the target topology and the global
- minimum. The global minimum is the minimum number of matching
- pods in an eligible domain or zero if the number of eligible
- domains is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the same labelSelector
- spread as 2/2/1: In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 | | P P | P P | P | -
- if MaxSkew is 1, incoming pod can only be scheduled to
- zone3 to become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
- onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies that
- satisfy it. It's a required field. Default value is 1
- and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number of eligible
- domains. When the number of eligible domains with matching
- topology keys is less than minDomains, Pod Topology Spread
- treats \"global minimum\" as 0, and then the calculation
- of Skew is performed. And when the number of eligible
- domains with matching topology keys equals or greater
- than minDomains, this value has no effect on scheduling.
- As a result, when the number of eligible domains is less
- than minDomains, scheduler won't schedule more than maxSkew
- Pods to those domains. If value is nil, the constraint
- behaves as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil, WhenUnsatisfiable
- must be DoNotSchedule. \n For example, in a 3-zone cluster,
- MaxSkew is set to 2, MinDomains is set to 5 and pods with
- the same labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number of domains
- is less than 5(MinDomains), so \"global minimum\" is treated
- as 0. In this situation, new pod with the same labelSelector
- cannot be scheduled, because computed skew will be 3(3
- - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew. \n This is a beta field and requires
- the MinDomainsInPodTopologySpread feature gate to be enabled
- (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we will treat
- Pod's nodeAffinity/nodeSelector when calculating pod topology
- spread skew. Options are: - Honor: only nodes matching
- nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes
- are included in the calculations. \n If this value is
- nil, the behavior is equivalent to the Honor policy. This
- is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we will treat
- node taints when calculating pod topology spread skew.
- Options are: - Honor: nodes without taints, along with
- tainted nodes for which the incoming pod has a toleration,
- are included. - Ignore: node taints are ignored. All nodes
- are included. \n If this value is nil, the behavior is
- equivalent to the Ignore policy. This is a beta-level
- feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels. Nodes
- that have a label with this key and identical values are
- considered to be in the same topology. We consider each
- as a "bucket", and try to put balanced number
- of pods into each bucket. We define a domain as a particular
- instance of a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements of nodeAffinityPolicy
- and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
- each Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is a domain
- of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to deal with
- a pod if it doesn''t satisfy the spread constraint. -
- DoNotSchedule (default) tells the scheduler not to schedule
- it. - ScheduleAnyway tells the scheduler to schedule the
- pod in any location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint is considered
- "Unsatisfiable" for an incoming pod if and only if every
- possible node assignment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster, MaxSkew
- is set to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming
- pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
- as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
- In other words, the cluster can still be imbalanced, but
- scheduler won''t make it *more* imbalanced. It''s a required
- field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod that
- may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an AWS Disk
- resource that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume
- that you want to mount. If omitted, the default is
- to mount by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can leave the
- property empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force the readOnly
- setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume). More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data Disk mount
- on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching mode:
- None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data disk in
- the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk in the
- blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount. Must
- be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- kind:
- description: "kind expected values are Shared: multiple
- blob disks per storage account Dedicated: single
- blob disk per storage account Managed: azure managed
- data disk (only in managed availability set). defaults
- to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File Service
- mount on the host and bind mount to the pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret that
- contains Azure Storage Account Name and Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on the host
- that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the mounted
- root, rather than the full Ceph tree, default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile is
- the path to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef is reference
- to the authentication secret for User, default is
- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume attached
- and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points to a secret
- object containing parameters used to connect to OpenStack."
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the volume in
- cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that should
- populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value pair
- in the Data field of the referenced ConfigMap will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present. If a
- key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path within a
- volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits used
- to set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal values
- for mode bits. If not specified, the volume
- defaultMode will be used. This might be in conflict
- with other options that affect the file mode,
- like fsGroup, and the result can be other mode
- bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path of the
- file to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver that
- handles this volume. Consult with your admin for the
- correct name as registered in the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
- If not provided, the empty value is passed to the
- associated CSI driver which will determine the default
- filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference to
- the secret object containing sensitive information
- to pass to the CSI driver to complete the CSI NodePublishVolume
- and NodeUnpublishVolume calls. This field is optional,
- and may be empty if no secret is required. If the
- secret object contains more than one secret, all secret
- references are passed.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver. Consult
- your driver's documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API about the
- pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on created
- files by default. Must be a Optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume
- file
- items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field of the
- pod: only annotations, labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used to set
- permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict with
- other options that affect the file mode, like
- fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created. Must not
- be absolute or contain the '..' path. Must
- be utf-8 encoded. The first item of the relative
- path must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of storage
- medium should back this directory. The default is
- "" which means to use the node''s default medium.
- Must be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount of local
- storage required for this EmptyDir volume. The size
- limit is also applicable for memory medium. The maximum
- usage on memory medium EmptyDir would be the minimum
- value between the SizeLimit specified here and the
- sum of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that is handled
- by a cluster storage driver. The volume's lifecycle is
- tied to the pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed. \n
- Use this if: a) the volume is only needed while the pod
- runs, b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the storage
- driver is specified through a storage class, and d) the
- storage driver supports dynamic volume provisioning through
- a PersistentVolumeClaim (see EphemeralVolumeSource for
- more information on the connection between this volume
- type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes that persist
- for longer than the lifecycle of an individual pod. \n
- Use CSI for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see the documentation
- of the driver for more information. \n A pod can use both
- types of ephemeral volumes and persistent volumes at the
- same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone PVC
- to provision the volume. The pod in which this EphemeralVolumeSource
- is embedded will be the owner of the PVC, i.e. the
- PVC will be deleted together with the pod. The name
- of the PVC will be `-` where
- `` is the name from the `PodSpec.Volumes`
- array entry. Pod validation will reject the pod if
- the concatenated name is not valid for a PVC (for
- example, too long). \n An existing PVC with that name
- that is not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume by mistake.
- Starting the pod is then blocked until the unrelated
- PVC is removed. If such a pre-created PVC is meant
- to be used by the pod, the PVC has to updated with
- an owner reference to the pod once the pod exists.
- Normally this should not be necessary, but it may
- be useful when manually reconstructing a broken cluster.
- \n This field is read-only and no changes will be
- made by Kubernetes to the PVC after it has been created.
- \n Required, must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when creating
- it. No other fields are allowed and will be rejected
- during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged into the
- PVC that gets created from this template. The
- same fields as in a PersistentVolumeClaim are
- also valid here.
- properties:
- accessModes:
- description: "accessModes contains the desired
- access modes the volume should have. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be used to
- specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external controller
- can support the specified data source, it
- will create a new volume based on the contents
- of the specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource contents
- will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when
- dataSourceRef.namespace is not specified.
- If the namespace is specified, then dataSourceRef
- will not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group for the
- resource being referenced. If APIGroup
- is not specified, the specified Kind must
- be in the core API group. For any other
- third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies the object
- from which to populate the volume with data,
- if a non-empty volume is desired. This may
- be any object from a non-empty API group (non
- core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding
- will only succeed if the type of the specified
- object matches some installed volume populator
- or dynamic provisioner. This field will replace
- the functionality of the dataSource field
- and as such if both fields are non-empty,
- they must have the same value. For backwards
- compatibility, when namespace isn't specified
- in dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to the same
- value automatically if one of them is empty
- and the other is non-empty. When namespace
- is specified in dataSourceRef, dataSource
- isn't set to the same value and must be empty.
- There are three important differences between
- dataSource and dataSourceRef: * While dataSource
- only allows two specific types of objects,
- dataSourceRef allows any non-core object,
- as well as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all
- values, and generates an error if a disallowed
- value is specified. * While dataSource only
- allows local objects, dataSourceRef allows
- objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature
- gate to be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group for the
- resource being referenced. If APIGroup
- is not specified, the specified Kind must
- be in the core API group. For any other
- third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note that
- when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept
- the reference. See the ReferenceGrant
- documentation for details. (Alpha) This
- field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the minimum
- resources the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify
- resource requirements that are lower than
- previous value but must still be higher than
- capacity recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names of
- resources, defined in spec.resourceClaims,
- that are used by this container. \n This
- is an alpha field and requires enabling
- the DynamicResourceAllocation feature
- gate. \n This field is immutable. It can
- only be set for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required.
- If Requests is omitted for a container,
- it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query over
- volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the name of
- the StorageClass required by the claim. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what type of
- volume is required by the claim. Value of
- Filesystem is implied when not included in
- claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference
- to the PersistentVolume backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource that
- is attached to a kubelet's host machine and then exposed
- to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. TODO: how do we prevent
- errors in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target worldwide
- names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world wide identifiers
- (wwids) Either wwids or combination of targetWWNs
- and lun must be set, but not both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume resource
- that is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver to use
- for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". The default filesystem
- depends on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field holds
- extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef is reference
- to the secret object containing sensitive information
- to pass to the plugin scripts. This may be empty if
- no secret object is specified. If the secret object
- contains more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume attached
- to a kubelet's host machine. This depends on the Flocker
- control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset stored
- as metadata -> name on the dataset for Flocker should
- be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the dataset.
- This is unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE Disk resource
- that is attached to a kubelet's host machine and then
- exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume
- that you want to mount. If omitted, the default is
- to mount by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can leave the
- property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD resource
- in GCE. Used to identify the disk in GCE. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision
- a container with a git repo, mount an EmptyDir into an
- InitContainer that clones the repo using git, then mount
- the EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory name.
- Must not contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for the specified
- revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount on
- the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions. Defaults
- to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing file or
- directory on the host machine that is directly exposed
- to the container. This is generally used for system agents
- or other privileged things that are allowed to see the
- host machine. Most containers will NOT need this. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host
- directory mounts and who can/can not mount host directories
- as read/write."
- properties:
- path:
- description: "path of the directory on the host. If
- the path is a symlink, it will follow the link to
- the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults to ""
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource that
- is attached to a kubelet's host machine and then exposed
- to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether support
- iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether support
- iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI Initiator
- Name. If initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface : will be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface Name that
- uses an iSCSI transport. Defaults to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal List.
- The portal is either an IP or ip_addr:port if the
- port is other than default (typically TCP ports 860
- and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for iSCSI
- target and initiator authentication
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal. The
- Portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and
- 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL and
- unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the host that
- shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS export
- to be mounted with read-only permissions. Defaults
- to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address of
- the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource represents
- a reference to a PersistentVolumeClaim in the same namespace.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly setting
- in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem type to
- mount Must be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a Portworx
- volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used to set
- permissions on created files by default. Must be an
- octal value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode bits.
- Directories within the path are not affected by this
- setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected along
- with other supported volume types
- properties:
- configMap:
- description: configMap information about the configMap
- data to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the ConfigMap, the volume setup will
- error unless it is marked optional. Paths
- must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the
- ConfigMap or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about the
- downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the
- relative path name of the file to
- be created. Must not be absolute or
- contain the '..' path. Must be utf-8
- encoded. The first item of the relative
- path must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env
- vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource
- to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about the secret
- data to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the Secret, the volume setup will error
- unless it is marked optional. Paths must
- be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify whether
- the Secret or its key must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to project
- properties:
- audience:
- description: audience is the intended audience
- of the token. A recipient of a token must
- identify itself with an identifier specified
- in the audience of the token, and otherwise
- should reject the token. The audience defaults
- to the identifier of the apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is the requested
- duration of validity of the service account
- token. As the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token. The kubelet
- will start trying to rotate the token if
- the token is older than 80 percent of its
- time to live or if the token is older than
- 24 hours.Defaults to 1 hour and must be
- at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative to
- the mount point of the file to project the
- token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount on the host
- that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default is
- no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte volume
- to be mounted with read-only permissions. Defaults
- to false.
- type: boolean
- registry:
- description: registry represents a single or multiple
- Quobyte Registry services specified as a string as
- host:port pair (multiple entries are separated with
- commas) which acts as the central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte volume
- in the Backend Used with dynamically provisioned Quobyte
- volumes, value is set by the plugin
- type: string
- user:
- description: user to map volume access to Defaults to
- serivceaccount user
- type: string
- volume:
- description: volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device mount
- on the host that shares a pod's lifetime. More info:
- https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- image:
- description: "image is the rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides keyring.
- Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of the ScaleIO
- API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of the ScaleIO
- Protection Domain for the configured storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret for
- ScaleIO user and other sensitive information. If this
- is not provided, Login operation will fail.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the storage
- for a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage Pool
- associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume already
- created in the ScaleIO system that is associated with
- this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value pair
- in the Data field of the referenced Secret will be
- projected into the volume as a file whose name is
- the key and content is the value. If specified, the
- listed keys will be projected into the specified paths,
- and unlisted keys will not be present. If a key is
- specified which is not present in the Secret, the
- volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path within a
- volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits used
- to set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal values
- for mode bits. If not specified, the volume
- defaultMode will be used. This might be in conflict
- with other options that affect the file mode,
- like fsGroup, and the result can be other mode
- bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path of the
- file to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether the Secret
- or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the secret in
- the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret to use for
- obtaining the StorageOS API credentials. If not specified,
- default values will be attempted.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable name of
- the StorageOS volume. Volume names are only unique
- within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope of
- the volume within StorageOS. If no namespace is specified
- then the Pod's namespace will be used. This allows
- the Kubernetes name scoping to be mirrored within
- StorageOS for tighter integration. Set VolumeName
- to any name to override the default behaviour. Set
- to "default" if you are not using namespaces within
- StorageOS. Namespaces that do not pre-exist within
- StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount. Must
- be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage Policy Based
- Management (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage Policy
- Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- resources:
- description: Resources workflow resources that are linked to this
- workflow definition. For example, a collection of OpenAPI specification
- files.
- properties:
- configMaps:
- items:
- description: ConfigMapWorkflowResource ConfigMap local reference
- holding one or more workflow resources, such as OpenAPI files
- that will be mounted in the workflow application.
- properties:
- configMap:
- description: ConfigMap the given configMap name in the same
- workflow context to find the resource
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- workflowPath:
- description: WorkflowPath path relative to the workflow
- application root file system within the pod (//src/main/resources). Starting trailing slashes will
- be removed.
- type: string
- required:
- - configMap
- type: object
- type: array
- type: object
- sink:
- description: Sink describes the sinkBinding details of this SonataFlow
- instance.
- properties:
- CACerts:
- description: CACerts are Certification Authority (CA) certificates
- in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
- If set, these CAs are appended to the set of CAs provided by
- the Addressable target, if any.
- type: string
- ref:
- description: Ref points to an Addressable.
- properties:
- address:
- description: Address points to a specific Address Name.
- type: string
- apiVersion:
- description: API version of the referent.
- type: string
- group:
- description: "Group of the API, without the version of the
- group. This can be used as an alternative to the APIVersion,
- and then resolved using ResolveGroup. Note: This API is
- EXPERIMENTAL and might break anytime. For more details:
- https://github.com/knative/eventing/issues/5086"
- type: string
- kind:
- description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- name:
- description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- namespace:
- description:
- "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- This is optional field, it gets defaulted to the object
- holding it if left out."
- type: string
- required:
- - kind
- - name
- type: object
- uri:
- description: URI can be an absolute URL(non-empty scheme and non-empty
- host) pointing to the target or a relative URI. Relative URIs
- will be resolved using the base URI retrieved from Ref.
- type: string
- type: object
- required:
- - flow
- type: object
- status:
- description: SonataFlowStatus defines the observed state of SonataFlow
- properties:
- address:
- description: Address is used as a part of Addressable interface (status.address.url)
- for knative
- properties:
- CACerts:
- description: CACerts is the Certification Authority (CA) certificates
- in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
- type: string
- name:
- description: Name is the name of the address.
- type: string
- url:
- type: string
- type: object
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- endpoint:
- description: Endpoint is an externally accessible URL of the workflow
- type: string
- lastTimeRecoverAttempt:
- format: date-time
- type: string
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- recoverFailureAttempts:
- description: keeps track of how many failure recovers a given workflow
- had so far
- type: integer
- services:
- description: Services displays which platform services are being used
- by this workflow
- properties:
- dataIndexRef:
- description: DataIndexRef displays information on the cluster-wide
- Data Index service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- jobServiceRef:
- description: JobServiceRef displays information on the cluster-wide
- Job Service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
diff --git a/packages/sonataflow-operator/bundle/metadata/annotations.yaml b/packages/sonataflow-operator/bundle/metadata/annotations.yaml
index f96ca03d721..860cfbf93ac 100644
--- a/packages/sonataflow-operator/bundle/metadata/annotations.yaml
+++ b/packages/sonataflow-operator/bundle/metadata/annotations.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Core bundle annotations.
@@ -24,7 +22,7 @@ annotations:
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: sonataflow-operator
operators.operatorframework.io.bundle.channels.v1: alpha
- operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.0
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
com.redhat.openshift.versions: v4.11
diff --git a/packages/sonataflow-operator/bundle/tests/scorecard/config.yaml b/packages/sonataflow-operator/bundle/tests/scorecard/config.yaml
index caa003d86fc..c55484853e0 100644
--- a/packages/sonataflow-operator/bundle/tests/scorecard/config.yaml
+++ b/packages/sonataflow-operator/bundle/tests/scorecard/config.yaml
@@ -25,7 +25,7 @@ stages:
- entrypoint:
- scorecard-test
- basic-check-spec
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: basic
test: basic-check-spec-test
@@ -35,7 +35,7 @@ stages:
- entrypoint:
- scorecard-test
- olm-bundle-validation
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-bundle-validation-test
@@ -45,7 +45,7 @@ stages:
- entrypoint:
- scorecard-test
- olm-crds-have-validation
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-crds-have-validation-test
@@ -65,7 +65,7 @@ stages:
- entrypoint:
- scorecard-test
- olm-spec-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-spec-descriptors-test
@@ -75,7 +75,7 @@ stages:
- entrypoint:
- scorecard-test
- olm-status-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-status-descriptors-test
diff --git a/packages/sonataflow-operator/main.go b/packages/sonataflow-operator/cmd/main.go
similarity index 68%
rename from packages/sonataflow-operator/main.go
rename to packages/sonataflow-operator/cmd/main.go
index ba064c2e249..0ee30c457ce 100644
--- a/packages/sonataflow-operator/main.go
+++ b/packages/sonataflow-operator/cmd/main.go
@@ -20,21 +20,27 @@
package main
import (
+ "crypto/tls"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
+ prometheus "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+ "k8s.io/klog/v2/klogr"
eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
+ metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+ "sigs.k8s.io/controller-runtime/pkg/webhook"
- "k8s.io/klog/v2/klogr"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers"
ocputil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/openshift"
// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
@@ -61,6 +67,8 @@ func init() {
+ utilruntime.Must(servingv1.AddToScheme(scheme))
+ utilruntime.Must(prometheus.AddToScheme(scheme))
@@ -68,6 +76,8 @@ func main() {
var metricsAddr string
var enableLeaderElection bool
var probeAddr string
+ var secureMetrics bool
+ var enableHTTP2 bool
var controllerCfgPath string
flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
@@ -75,18 +85,57 @@ func main() {
flag.BoolVar(&enableLeaderElection, "leader-elect", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
+ flag.BoolVar(&secureMetrics, "metrics-secure", false,
+ "If set the metrics endpoint is served securely")
+ flag.BoolVar(&enableHTTP2, "enable-http2", false,
+ "If set, HTTP/2 will be enabled for the metrics and webhook servers")
flag.StringVar(&controllerCfgPath, "controller-cfg-path", "", "The controller config file path.")
- ctrl.SetLogger(klogr.New().WithName(controllers.ComponentName))
+ ctrl.SetLogger(klogr.New().WithName(controller.ComponentName))
+ // if the enable-http2 flag is false (the default), http/2 should be disabled
+ // due to its vulnerabilities. More specifically, disabling http/2 will
+ // prevent from being vulnerable to the HTTP/2 Stream Cancellation and
+ // Rapid Reset CVEs. For more information see:
+ // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
+ // - https://github.com/advisories/GHSA-4374-p667-p6c8
+ disableHTTP2 := func(c *tls.Config) {
+ klog.V(log.I).Info("disabling http/2")
+ c.NextProtos = []string{"http/1.1"}
+ }
+ tlsOpts := []func(*tls.Config){}
+ if !enableHTTP2 {
+ tlsOpts = append(tlsOpts, disableHTTP2)
+ }
+ webhookServer := webhook.NewServer(webhook.Options{
+ TLSOpts: tlsOpts,
+ })
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
- Scheme: scheme,
- MetricsBindAddress: metricsAddr,
- Port: 9443,
+ Scheme: scheme,
+ Metrics: metricsserver.Options{
+ BindAddress: metricsAddr,
+ SecureServing: secureMetrics,
+ TLSOpts: tlsOpts,
+ },
+ WebhookServer: webhookServer,
HealthProbeBindAddress: probeAddr,
LeaderElection: enableLeaderElection,
LeaderElectionID: "1be5e57d.kie.org",
+ // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
+ // when the Manager ends. This requires the binary to immediately end when the
+ // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+ // speeds up voluntary leader transitions as the new leader don't have to wait
+ // LeaseDuration time first.
+ //
+ // In the default scaffold provided, the program ends immediately after
+ // the manager stops, so would be fine to enable this option. However,
+ // if you are doing or is intended to do any operation such as perform cleanups
+ // after the manager stops then its usage might be unsafe.
+ // LeaderElectionReleaseOnCancel: true,
if err != nil {
klog.V(log.E).ErrorS(err, "unable to start manager")
@@ -103,7 +152,7 @@ func main() {
- if err = (&controllers.SonataFlowReconciler{
+ if err = (&controller.SonataFlowReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Config: mgr.GetConfig(),
@@ -112,7 +161,7 @@ func main() {
klog.V(log.E).ErrorS(err, "unable to create controller", "controller", "SonataFlow")
- if err = (&controllers.SonataFlowBuildReconciler{
+ if err = (&controller.SonataFlowBuildReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Config: mgr.GetConfig(),
@@ -122,7 +171,7 @@ func main() {
- if err = (&controllers.SonataFlowPlatformReconciler{
+ if err = (&controller.SonataFlowPlatformReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Reader: mgr.GetAPIReader(),
@@ -132,7 +181,7 @@ func main() {
klog.V(log.E).ErrorS(err, "unable to create controller", "controller", "SonataFlowPlatform")
- if err = (&controllers.SonataFlowClusterPlatformReconciler{
+ if err = (&controller.SonataFlowClusterPlatformReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
Reader: mgr.GetAPIReader(),
diff --git a/packages/sonataflow-operator/config/crd/bases/.gitkeep b/packages/sonataflow-operator/config/crd/bases/.gitkeep
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowbuilds.yaml b/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowbuilds.yaml
deleted file mode 100644
index f79e1666797..00000000000
--- a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowbuilds.yaml
+++ /dev/null
@@ -1,378 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowbuilds.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowBuild
- listKind: SonataFlowBuildList
- plural: sonataflowbuilds
- shortNames:
- - sfb
- - sfbuild
- - sfbuilds
- singular: sonataflowbuild
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.imageTag
- name: Image
- type: string
- - jsonPath: .status.buildPhase
- name: Phase
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowBuild is an internal custom resource to control workflow
- build instances in the target platform
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowBuildSpec define the desired state of th SonataFlowBuild.
- properties:
- arguments:
- description: 'Arguments lists the command line arguments to send to
- the internal builder command. Depending on the build method you
- might set this attribute instead of BuildArgs. For example: ".spec.arguments=verbose=3".
- Please see the SonataFlow guides.'
- items:
- type: string
- type: array
- buildArgs:
- description: Optional build arguments that can be set to the internal
- build (e.g. Docker ARG)
- items:
- description: EnvVar represents an environment variable present in
- a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value. Cannot
- be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath is
- written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the exposed
- resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envs:
- description: Optional environment variables to add to the internal
- build
- items:
- description: EnvVar represents an environment variable present in
- a Container.
- properties:
- name:
- description: Name of the environment variable. Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value. Cannot
- be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath is
- written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of the exposed
- resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key must
- be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- resources:
- description: Resources optional compute resource requirements for
- the builder
- properties:
- claims:
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- timeout:
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the Timeout
- duration. If the Build deadline is exceeded, the Build context is
- canceled, and its phase set to BuildPhaseFailed.
- format: duration
- type: string
- type: object
- status:
- description: SonataFlowBuildStatus defines the observed state of SonataFlowBuild
- properties:
- buildPhase:
- description: BuildPhase Current phase of the build
- type: string
- error:
- description: Error Last error found during build
- type: string
- imageTag:
- description: ImageTag The final image tag produced by this build instance
- type: string
- innerBuild:
- description: InnerBuild is a reference to an internal build object,
- which can be anything known only to internal builders.
- type: object
- x-kubernetes-preserve-unknown-fields: true
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
diff --git a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowclusterplatforms.yaml b/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowclusterplatforms.yaml
deleted file mode 100644
index 71fb5b31399..00000000000
--- a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowclusterplatforms.yaml
+++ /dev/null
@@ -1,145 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowclusterplatforms.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowClusterPlatform
- listKind: SonataFlowClusterPlatformList
- plural: sonataflowclusterplatforms
- singular: sonataflowclusterplatform
- scope: Cluster
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.platformRef.name
- name: Platform_Name
- type: string
- - jsonPath: .spec.platformRef.namespace
- name: Platform_NS
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowClusterPlatform is the Schema for the sonataflowclusterplatforms
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowClusterPlatformSpec defines the desired state of
- SonataFlowClusterPlatform
- properties:
- capabilities:
- description: Capabilities defines which platform capabilities should
- be applied cluster-wide. If nil, defaults to `capabilities.workflows["services"]`
- properties:
- workflows:
- description: Workflows defines which platform capabilities should
- be applied to workflows cluster-wide.
- items:
- enum:
- - services
- type: string
- type: array
- type: object
- platformRef:
- description: PlatformRef defines which existing SonataFlowPlatform's
- supporting services should be used cluster-wide.
- properties:
- name:
- description: Name of the SonataFlowPlatform
- type: string
- namespace:
- description: Namespace of the SonataFlowPlatform
- type: string
- required:
- - name
- - namespace
- type: object
- required:
- - platformRef
- type: object
- status:
- description: SonataFlowClusterPlatformStatus defines the observed state
- of SonataFlowClusterPlatform
- properties:
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- version:
- description: Version the operator version controlling this ClusterPlatform
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
diff --git a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowplatforms.yaml b/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowplatforms.yaml
deleted file mode 100644
index 3538abf605a..00000000000
--- a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflowplatforms.yaml
+++ /dev/null
@@ -1,16432 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflowplatforms.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlowPlatform
- listKind: SonataFlowPlatformList
- plural: sonataflowplatforms
- shortNames:
- - sfp
- - sfplatform
- - sfplatforms
- singular: sonataflowplatform
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.cluster
- name: Cluster
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Succeed')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlowPlatform is the descriptor for the workflow platform
- infrastructure.
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowPlatformSpec defines the desired state of SonataFlowPlatform
- properties:
- build:
- description: Build Attributes for building workflows in the target
- platform
- properties:
- config:
- description: Describes the platform configuration for building
- workflows.
- properties:
- baseImage:
- description: a base image that can be used as base layer for
- all images. It can be useful if you want to provide some
- custom base image with further utility software
- type: string
- registry:
- description: Registry the registry where to publish the built
- image
- properties:
- address:
- description: the URI to access
- type: string
- ca:
- description: the configmap which stores the Certificate
- Authority
- type: string
- insecure:
- description: if the container registry is insecure (ie,
- http only)
- type: boolean
- organization:
- description: the registry organization
- type: string
- secret:
- description: the secret where credentials are stored
- type: string
- type: object
- strategy:
- description: BuildStrategy to use to build workflows in the
- platform. Usually, the operator elect the strategy based
- on the platform. Note that this field might be read only
- in certain scenarios.
- type: string
- strategyOptions:
- additionalProperties:
- type: string
- description: BuildStrategyOptions additional options to add
- to the build strategy. See https://sonataflow.org/serverlessworkflow/main/cloud/operator/build-and-deploy-workflows.html
- type: object
- timeout:
- description: how much time to wait before time out the build
- process
- type: string
- type: object
- template:
- description: Describes a build template for building workflows.
- Base for the internal SonataFlowBuild resource.
- properties:
- arguments:
- description: 'Arguments lists the command line arguments to
- send to the internal builder command. Depending on the build
- method you might set this attribute instead of BuildArgs.
- For example: ".spec.arguments=verbose=3". Please see the
- SonataFlow guides.'
- items:
- type: string
- type: array
- buildArgs:
- description: Optional build arguments that can be set to the
- internal build (e.g. Docker ARG)
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envs:
- description: Optional environment variables to add to the
- internal build
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- resources:
- description: Resources optional compute resource requirements
- for the builder
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- timeout:
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the
- Timeout duration. If the Build deadline is exceeded, the
- Build context is canceled, and its phase set to BuildPhaseFailed.
- format: duration
- type: string
- type: object
- type: object
- devMode:
- description: DevMode Attributes for running workflows in devmode (immutable,
- no build required)
- properties:
- baseImage:
- description: Base image to run the Workflow in dev mode instead
- of the operator's default.
- type: string
- type: object
- persistence:
- description: Persistence defines the platform persistence configuration.
- When this field is set, the configuration is used as the persistence
- for platform services and SonataFlow instances that don't provide
- one of their own.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
- e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user credentials
- properties:
- name:
- description: Name of the postgresql credentials secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource. Mutually
- exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be used. Defaults
- to "sonataflow"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the postgresql
- k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- properties:
- description: "Properties defines the property set for a given actor
- in the current context. For example, the workflow managed properties.
- One can define here a set of properties for SonataFlow deployments
- that will be reused across every workflow deployment. \n These properties
- MAY NOT be propagated to a SonataFlowClusterPlatform since PropertyVarSource
- can only refer local context sources."
- properties:
- flow:
- description: Properties that will be added to the SonataFlow managed
- configMaps in the current context.
- items:
- description: PropertyVar is the entry for a property set derived
- from the Kubernetes API EnvVar. Note that the name doesn't
- have to match C_IDENTIFIER.
- properties:
- name:
- description: The property name
- type: string
- value:
- description: Defaults to "".
- type: string
- valueFrom:
- description: Source for the property's value. Cannot be
- used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the flow's
- namespace
- properties:
- key:
- description: The key of the secret to select from. Must
- be a valid secret key.
- type: string
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret or its key
- must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- services:
- description: "Services attributes for deploying supporting applications
- like Data Index & Job Service. Only workflows without the `sonataflow.org/profile:
- dev` annotation will be configured to use these service(s). Setting
- this will override the use of any cluster-scoped services that might
- be defined via `SonataFlowClusterPlatform`."
- properties:
- dataIndex:
- description: "Deploys the Data Index service for use by workflows
- without the `sonataflow.org/profile: dev` annotation."
- properties:
- enabled:
- description: "Determines whether workflows without the `sonataflow.org/profile:
- dev` annotation should be configured to use this service"
- type: boolean
- persistence:
- description: Persists service to a datasource of choice. Ephemeral
- by default.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql
- database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive
- to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user
- credentials
- properties:
- name:
- description: Name of the postgresql credentials
- secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource.
- Mutually exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be
- used. Defaults to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to
- be used. Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the
- postgresql k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details
- of this platform service instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where
- the application should run. One can change this attribute
- in order to override the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$
- are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage,
- requests.cpu, requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never,
- IfNotPresent. Defaults to Always if :latest tag
- is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should
- take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before
- a container is terminated due to an API request
- or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the
- handler, the container will eventually terminate
- within the Pod's termination grace period (unless
- delayed by finalizers). Other management of
- the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying this
- array with strategic merge patch may corrupt the
- data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid port
- number, 0 < x < 65536. If HostNetwork is specified,
- this must match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port
- in a pod must have a unique name. Name for
- the port that can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it
- defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges than
- its parent process. This bool directly controls
- if the no_new_privs flag will be set on the
- container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name is
- windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set when
- spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name is
- windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note that
- this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided at
- both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name is
- windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no other
- probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted,
- just as if the livenessProbe failed. This can be
- used to provide different probe parameters at the
- beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach sessions.
- If stdinOnce is set to true, stdin is opened on
- container start, is empty until the first client
- attaches to stdin, and then remains open and accepts
- data until the client disconnects, at which time
- stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never receive
- an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated
- by the node if greater than 4096 bytes. The total
- message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot
- be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output is
- limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of
- a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting of
- a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at which
- the volume should be mounted. Must not contain
- ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should be
- mounted. Behaves similarly to SubPath but
- environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional:
- Default to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional:
- Default to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional:
- Default to true. If set to true or not present, the
- pod will be run in the host user namespace, useful for
- when the pod needs a feature only available to the host
- user namespace, such as loading a kernel module with
- CAP_SYS_MODULE. When set to false, a new userns is created
- for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users
- to run their containers as root without actually having
- root privileges on the host. This field is alpha-level
- and is only honored by servers that enable the UserNamespacesSupport
- feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node's labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the
- pod. Some pod and container fields are restricted if
- this is set. \n If the OS field is set to linux, the
- following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
- - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities -
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system.
- The currently supported values are linux and windows.
- Additional value may be defined in future and can
- be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as os:
- null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims
- must be allocated and reserved before the Pod is allowed
- to start. The resources will be made available to those
- containers which consume them by name. \n This is an
- alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
- items:
- description: PodResourceClaim references exactly one
- ResourceClaim through a ClaimSource. It adds a name
- to it that uniquely identifies the ResourceClaim inside
- the Pod. Containers that need access to the ResourceClaim
- reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource
- claim inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the
- ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of
- a ResourceClaim object in the same namespace
- as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the
- name of a ResourceClaimTemplate object in
- the same namespace as this pod. \n The template
- will be used to create a new ResourceClaim,
- which will be bound to this pod. When this
- pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim
- will be -, where
- is the PodResourceClaim.Name.
- Pod validation will reject the pod if the
- concatenated name is not valid for a ResourceClaim
- (e.g. too long). \n An existing ResourceClaim
- with that name that is not owned by the pod
- will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling
- and pod startup are then blocked until the
- unrelated ResourceClaim is removed. \n This
- field is immutable and no changes will be
- made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. In some contexts,
- only a subset of those values may be permitted. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values
- that if specified will block scheduling the pod. If
- schedulingGates is not empty, the pod will stay in the
- SchedulingGated state and the scheduler will not attempt
- to schedule the pod. \n SchedulingGates can only be
- set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod
- to guard its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume. Note that this field
- cannot be set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID, the fsGroup (if specified),
- and group memberships defined in the container image
- for the uid of the container process. If unspecified,
- no additional groups are added to any container.
- Note that group memberships defined in the container
- image for the uid of the container process are still
- effective, even if they are not included in this
- list. Note that this field cannot be set when spec.os.name
- is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "...svc.". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple
- using the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label
- keys to select the pods over which spreading will
- be calculated. The keys are used to lookup values
- from the incoming pod labels, those key-value
- labels are ANDed with labelSelector to select
- the group of existing pods over which spreading
- will be calculated for the incoming pod. The same
- key is forbidden to exist in both MatchLabelKeys
- and LabelSelector. MatchLabelKeys cannot be set
- when LabelSelector isn't set. Keys that don't
- exist in the incoming pod labels will be ignored.
- A null or empty list means only match against
- labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature
- gate to be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. The global minimum is
- the minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 2/2/1: In this case,
- the global minimum is 1. | zone1 | zone2 | zone3
- | | P P | P P | P | - if MaxSkew is 1,
- incoming pod can only be scheduled to zone3 to
- become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It's a required field. Default
- value is 1 and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less than
- minDomains, Pod Topology Spread treats \"global
- minimum\" as 0, and then the calculation of Skew
- is performed. And when the number of eligible
- domains with matching topology keys equals or
- greater than minDomains, this value has no effect
- on scheduling. As a result, when the number of
- eligible domains is less than minDomains, scheduler
- won't schedule more than maxSkew Pods to those
- domains. If value is nil, the constraint behaves
- as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil,
- WhenUnsatisfiable must be DoNotSchedule. \n For
- example, in a 3-zone cluster, MaxSkew is set to
- 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number
- of domains is less than 5(MinDomains), so \"global
- minimum\" is treated as 0. In this situation,
- new pod with the same labelSelector cannot be
- scheduled, because computed skew will be 3(3 -
- 0) if new Pod is scheduled to any of the three
- zones, it will violate MaxSkew. \n This is a beta
- field and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we
- will treat Pod's nodeAffinity/nodeSelector when
- calculating pod topology spread skew. Options
- are: - Honor: only nodes matching nodeAffinity/nodeSelector
- are included in the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the calculations.
- \n If this value is nil, the behavior is equivalent
- to the Honor policy. This is a beta-level feature
- default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we
- will treat node taints when calculating pod topology
- spread skew. Options are: - Honor: nodes without
- taints, along with tainted nodes for which the
- incoming pod has a toleration, are included. -
- Ignore: node taints are ignored. All nodes are
- included. \n If this value is nil, the behavior
- is equivalent to the Ignore policy. This is a
- beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each as a "bucket", and
- try to put balanced number of pods into each bucket.
- We define a domain as a particular instance of
- a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
- If TopologyKey is "kubernetes.io/hostname", each
- Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is
- a domain of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching
- mode: None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data
- disk in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk
- in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- kind:
- description: "kind expected values are Shared:
- multiple blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret
- that contains Azure Storage Account Name and
- Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the
- mounted root, rather than the full Ceph tree,
- default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points
- to a secret object containing parameters used
- to connect to OpenStack."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is
- passed to the associated CSI driver which
- will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- '..' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of
- storage medium should back this directory.
- The default is "" which means to use the node''s
- default medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the
- sum of memory limits of all containers in
- a pod. The default is nil which means that
- the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the
- storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `-`
- where `` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: "accessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be
- used to specify either: * An existing
- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a new
- volume based on the contents of the
- specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource
- contents will be copied to dataSourceRef,
- and dataSourceRef contents will be
- copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace
- is specified, then dataSourceRef will
- not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be any
- object from a non-empty API group
- (non core object) or a PersistentVolumeClaim
- object. When this field is specified,
- volume binding will only succeed if
- the type of the specified object matches
- some installed volume populator or
- dynamic provisioner. This field will
- replace the functionality of the dataSource
- field and as such if both fields are
- non-empty, they must have the same
- value. For backwards compatibility,
- when namespace isn't specified in
- dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to
- the same value automatically if one
- of them is empty and the other is
- non-empty. When namespace is specified
- in dataSourceRef, dataSource isn't
- set to the same value and must be
- empty. There are three important differences
- between dataSource and dataSourceRef:
- * While dataSource only allows two
- specific types of objects, dataSourceRef
- allows any non-core object, as well
- as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed
- values (dropping them), dataSourceRef
- preserves all values, and generates
- an error if a disallowed value is
- specified. * While dataSource only
- allows local objects, dataSourceRef
- allows objects in any namespaces.
- (Beta) Using this field requires the
- AnyVolumeDataSource feature gate to
- be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the
- CrossNamespaceVolumeDataSource feature
- gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note
- that when a namespace is specified,
- a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent
- namespace to allow that namespace's
- owner to accept the reference.
- See the ReferenceGrant documentation
- for details. (Alpha) This field
- requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the
- minimum resources the volume should
- have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements that
- are lower than previous value but
- must still be higher than capacity
- recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names
- of resources, defined in spec.resourceClaims,
- that are used by this container.
- \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is
- immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match
- the name of one entry in
- pod.spec.resourceClaims
- of the Pod where this field
- is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query
- over volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the
- name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. TODO: how do we prevent errors
- in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun
- number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target
- worldwide names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world
- wide identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field
- holds extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret object
- is specified. If the secret object contains
- more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset
- stored as metadata -> name on the dataset
- for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the
- dataset. This is unique identifier of a Flocker
- dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE
- Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the
- volume that you want to mount. Tip: Ensure
- that the filesystem type is supported by the
- host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD
- resource in GCE. Used to identify the disk
- in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified,
- the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for
- the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount
- on the host that shares a pod's lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name
- that details Glusterfs topology. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write."
- properties:
- path:
- description: "path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource
- that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether
- support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether
- support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI
- Initiator Name. If initiatorName is specified
- with iscsiInterface simultaneously, new iSCSI
- interface : will
- be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified
- Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun
- number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal
- List. The portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for
- iSCSI target and initiator authentication
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal.
- The Portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the
- host that shares a pod's lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies
- Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used
- to set permissions on created files by default.
- Must be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Directories
- within the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: configMap information about
- the configMap data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the '..' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported."
- properties:
- containerName:
- description: "Container
- name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required:
- resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about
- the secret data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify
- whether the Secret or its key must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to
- project
- properties:
- audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default
- is no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: user to map volume access to Defaults
- to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device
- mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: "image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph
- monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default
- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default
- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of
- the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of
- the ScaleIO Protection Domain for the configured
- storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable
- SSL communication with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the
- storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage
- system as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume
- already created in the ScaleIO system that
- is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether
- the Secret or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the
- secret in the pod's namespace to use. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage
- Policy Based Management (SPBM) profile ID
- associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage
- Policy Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- type: object
- jobService:
- description: "Deploys the Job service for use by workflows without
- the `sonataflow.org/profile: dev` annotation."
- properties:
- enabled:
- description: "Determines whether workflows without the `sonataflow.org/profile:
- dev` annotation should be configured to use this service"
- type: boolean
- persistence:
- description: Persists service to a datasource of choice. Ephemeral
- by default.
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql
- database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive
- to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user
- credentials
- properties:
- name:
- description: Name of the postgresql credentials
- secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource.
- Mutually exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be
- used. Defaults to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to
- be used. Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the
- postgresql k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details
- of this platform service instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules
- for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching
- the corresponding nodeSelectorTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector
- terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: The label key that
- the selector applies to.
- type: string
- operator:
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
- type: string
- values:
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules
- (e.g. co-locate this pod in the same node, zone,
- etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added per-node
- to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term,
- associated with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of
- resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether
- a service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where
- the application should run. One can change this attribute
- in order to override the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$
- are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage,
- requests.cpu, requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults
- to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never,
- IfNotPresent. Defaults to Always if :latest tag
- is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should
- take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before
- a container is terminated due to an API request
- or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the
- handler, the container will eventually terminate
- within the Pod's termination grace period (unless
- delayed by finalizers). Other management of
- the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a
- custom header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying this
- array with strategic merge patch may corrupt the
- data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid port
- number, 0 < x < 65536. If HostNetwork is specified,
- this must match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port
- in a pod must have a unique name. Name for
- the port that can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it
- defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges than
- its parent process. This bool directly controls
- if the no_new_privs flag will be set on the
- container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name is
- windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set when
- spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name is
- windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note that
- this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided at
- both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name is
- windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no other
- probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted,
- just as if the livenessProbe failed. This can be
- used to provide different probe parameters at the
- beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach sessions.
- If stdinOnce is set to true, stdin is opened on
- container start, is empty until the first client
- attaches to stdin, and then remains open and accepts
- data until the client disconnects, at which time
- stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never receive
- an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated
- by the node if greater than 4096 bytes. The total
- message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot
- be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output is
- limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of
- a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting of
- a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at which
- the volume should be mounted. Must not contain
- ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should be
- mounted. Behaves similarly to SubPath but
- environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver
- options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional:
- Default to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional:
- Default to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional:
- Default to true. If set to true or not present, the
- pod will be run in the host user namespace, useful for
- when the pod needs a feature only available to the host
- user namespace, such as loading a kernel module with
- CAP_SYS_MODULE. When set to false, a new userns is created
- for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users
- to run their containers as root without actually having
- root privileges on the host. This field is alpha-level
- and is only honored by servers that enable the UserNamespacesSupport
- feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you
- want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set
- in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
- items:
- description: EnvFromSource represents the source
- of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
- properties:
- host:
- description: "Optional: Host name to
- connect to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents
- resource resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
- items:
- description: ResourceClaim references one
- entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX
- capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will be
- mapped to.
- type: string
- name:
- description: name must match the name of a
- persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container at
- which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a
- Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
- type: boolean
- subPath:
- description: Path within the volume from which
- the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node's labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the
- pod. Some pod and container fields are restricted if
- this is set. \n If the OS field is set to linux, the
- following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
- - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities -
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system.
- The currently supported values are linux and windows.
- Additional value may be defined in future and can
- be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as os:
- null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims
- must be allocated and reserved before the Pod is allowed
- to start. The resources will be made available to those
- containers which consume them by name. \n This is an
- alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
- items:
- description: PodResourceClaim references exactly one
- ResourceClaim through a ClaimSource. It adds a name
- to it that uniquely identifies the ResourceClaim inside
- the Pod. Containers that need access to the ResourceClaim
- reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource
- claim inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the
- ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of
- a ResourceClaim object in the same namespace
- as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the
- name of a ResourceClaimTemplate object in
- the same namespace as this pod. \n The template
- will be used to create a new ResourceClaim,
- which will be bound to this pod. When this
- pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim
- will be -, where
- is the PodResourceClaim.Name.
- Pod validation will reject the pod if the
- concatenated name is not valid for a ResourceClaim
- (e.g. too long). \n An existing ResourceClaim
- with that name that is not owned by the pod
- will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling
- and pod startup are then blocked until the
- unrelated ResourceClaim is removed. \n This
- field is immutable and no changes will be
- made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. In some contexts,
- only a subset of those values may be permitted. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values
- that if specified will block scheduling the pod. If
- schedulingGates is not empty, the pod will stay in the
- SchedulingGated state and the scheduler will not attempt
- to schedule the pod. \n SchedulingGates can only be
- set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod
- to guard its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume. Note that this field
- cannot be set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID, the fsGroup (if specified),
- and group memberships defined in the container image
- for the uid of the container process. If unspecified,
- no additional groups are added to any container.
- Note that group memberships defined in the container
- image for the uid of the container process are still
- effective, even if they are not included in this
- list. Note that this field cannot be set when spec.os.name
- is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
- items:
- description: Sysctl defines a kernel parameter to
- be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
- Default to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname
- will be "...svc.". If not specified, the pod will not have a
- domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple
- using the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how
- to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label
- keys to select the pods over which spreading will
- be calculated. The keys are used to lookup values
- from the incoming pod labels, those key-value
- labels are ANDed with labelSelector to select
- the group of existing pods over which spreading
- will be calculated for the incoming pod. The same
- key is forbidden to exist in both MatchLabelKeys
- and LabelSelector. MatchLabelKeys cannot be set
- when LabelSelector isn't set. Keys that don't
- exist in the incoming pod labels will be ignored.
- A null or empty list means only match against
- labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature
- gate to be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. The global minimum is
- the minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 2/2/1: In this case,
- the global minimum is 1. | zone1 | zone2 | zone3
- | | P P | P P | P | - if MaxSkew is 1,
- incoming pod can only be scheduled to zone3 to
- become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It's a required field. Default
- value is 1 and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less than
- minDomains, Pod Topology Spread treats \"global
- minimum\" as 0, and then the calculation of Skew
- is performed. And when the number of eligible
- domains with matching topology keys equals or
- greater than minDomains, this value has no effect
- on scheduling. As a result, when the number of
- eligible domains is less than minDomains, scheduler
- won't schedule more than maxSkew Pods to those
- domains. If value is nil, the constraint behaves
- as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil,
- WhenUnsatisfiable must be DoNotSchedule. \n For
- example, in a 3-zone cluster, MaxSkew is set to
- 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number
- of domains is less than 5(MinDomains), so \"global
- minimum\" is treated as 0. In this situation,
- new pod with the same labelSelector cannot be
- scheduled, because computed skew will be 3(3 -
- 0) if new Pod is scheduled to any of the three
- zones, it will violate MaxSkew. \n This is a beta
- field and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we
- will treat Pod's nodeAffinity/nodeSelector when
- calculating pod topology spread skew. Options
- are: - Honor: only nodes matching nodeAffinity/nodeSelector
- are included in the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the calculations.
- \n If this value is nil, the behavior is equivalent
- to the Honor policy. This is a beta-level feature
- default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we
- will treat node taints when calculating pod topology
- spread skew. Options are: - Honor: nodes without
- taints, along with tainted nodes for which the
- incoming pod has a toleration, are included. -
- Ignore: node taints are ignored. All nodes are
- included. \n If this value is nil, the behavior
- is equivalent to the Ignore policy. This is a
- beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each as a "bucket", and
- try to put balanced number of pods into each bucket.
- We define a domain as a particular instance of
- a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
- If TopologyKey is "kubernetes.io/hostname", each
- Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is
- a domain of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod
- that may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data
- Disk mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching
- mode: None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data
- disk in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk
- in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- kind:
- description: "kind expected values are Shared:
- multiple blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed availability
- set). defaults to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File
- Service mount on the host and bind mount to the
- pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret
- that contains Azure Storage Account Name and
- Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on
- the host that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the
- mounted root, rather than the full Ceph tree,
- default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points
- to a secret object containing parameters used
- to connect to OpenStack."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that
- should populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is
- passed to the associated CSI driver which
- will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API
- about the pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API
- volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created.
- Must not be absolute or contain the
- '..' path. Must be utf-8 encoded.
- The first item of the relative path
- must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to
- select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of
- storage medium should back this directory.
- The default is "" which means to use the node''s
- default medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the
- sum of memory limits of all containers in
- a pod. The default is nil which means that
- the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the
- storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `-`
- where `` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
- \n An existing PVC with that name that is
- not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume
- by mistake. Starting the pod is then blocked
- until the unrelated PVC is removed. If such
- a pre-created PVC is meant to be used by the
- pod, the PVC has to updated with an owner
- reference to the pod once the pod exists.
- Normally this should not be necessary, but
- it may be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created. \n Required,
- must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when
- creating it. No other fields are allowed
- and will be rejected during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged
- into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: "accessModes contains the
- desired access modes the volume should
- have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be
- used to specify either: * An existing
- VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a new
- volume based on the contents of the
- specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource
- contents will be copied to dataSourceRef,
- and dataSourceRef contents will be
- copied to dataSource when dataSourceRef.namespace
- is not specified. If the namespace
- is specified, then dataSourceRef will
- not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be any
- object from a non-empty API group
- (non core object) or a PersistentVolumeClaim
- object. When this field is specified,
- volume binding will only succeed if
- the type of the specified object matches
- some installed volume populator or
- dynamic provisioner. This field will
- replace the functionality of the dataSource
- field and as such if both fields are
- non-empty, they must have the same
- value. For backwards compatibility,
- when namespace isn't specified in
- dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to
- the same value automatically if one
- of them is empty and the other is
- non-empty. When namespace is specified
- in dataSourceRef, dataSource isn't
- set to the same value and must be
- empty. There are three important differences
- between dataSource and dataSourceRef:
- * While dataSource only allows two
- specific types of objects, dataSourceRef
- allows any non-core object, as well
- as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed
- values (dropping them), dataSourceRef
- preserves all values, and generates
- an error if a disallowed value is
- specified. * While dataSource only
- allows local objects, dataSourceRef
- allows objects in any namespaces.
- (Beta) Using this field requires the
- AnyVolumeDataSource feature gate to
- be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the
- CrossNamespaceVolumeDataSource feature
- gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group
- for the resource being referenced.
- If APIGroup is not specified,
- the specified Kind must be in
- the core API group. For any other
- third-party types, APIGroup is
- required.
- type: string
- kind:
- description: Kind is the type of
- resource being referenced
- type: string
- name:
- description: Name is the name of
- resource being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note
- that when a namespace is specified,
- a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent
- namespace to allow that namespace's
- owner to accept the reference.
- See the ReferenceGrant documentation
- for details. (Alpha) This field
- requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the
- minimum resources the volume should
- have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements that
- are lower than previous value but
- must still be higher than capacity
- recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names
- of resources, defined in spec.resourceClaims,
- that are used by this container.
- \n This is an alpha field and
- requires enabling the DynamicResourceAllocation
- feature gate. \n This field is
- immutable. It can only be set
- for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match
- the name of one entry in
- pod.spec.resourceClaims
- of the Pod where this field
- is used. It makes that resource
- available inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the
- maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container, it
- defaults to Limits if that is
- explicitly specified, otherwise
- to an implementation-defined value.
- Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query
- over volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the
- name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what
- type of volume is required by the
- claim. Value of Filesystem is implied
- when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and
- then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. TODO: how do we prevent errors
- in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun
- number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target
- worldwide names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world
- wide identifiers (wwids) Either wwids or combination
- of targetWWNs and lun must be set, but not
- both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume
- resource that is provisioned/attached using an
- exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem depends
- on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field
- holds extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret object
- is specified. If the secret object contains
- more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume
- attached to a kubelet's host machine. This depends
- on the Flocker control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset
- stored as metadata -> name on the dataset
- for Flocker should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the
- dataset. This is unique identifier of a Flocker
- dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE
- Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the
- volume that you want to mount. Tip: Ensure
- that the filesystem type is supported by the
- host operating system. Examples: "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD
- resource in GCE. Used to identify the disk
- in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with a
- git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount the
- EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory will
- be the git repository. Otherwise, if specified,
- the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for
- the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount
- on the host that shares a pod's lifetime. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name
- that details Glusterfs topology. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions.
- Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing
- file or directory on the host machine that is
- directly exposed to the container. This is generally
- used for system agents or other privileged things
- that are allowed to see the host machine. Most
- containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can
- use host directory mounts and who can/can not
- mount host directories as read/write."
- properties:
- path:
- description: "path of the directory on the host.
- If the path is a symlink, it will follow the
- link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource
- that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether
- support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether
- support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI
- Initiator Name. If initiatorName is specified
- with iscsiInterface simultaneously, new iSCSI
- interface : will
- be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified
- Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun
- number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal
- List. The portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for
- iSCSI target and initiator authentication
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal.
- The Portal is either an IP or ip_addr:port
- if the port is other than default (typically
- TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL
- and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the
- host that shares a pod's lifetime More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS
- server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS
- export to be mounted with read-only permissions.
- Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address
- of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this
- volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets
- host machine
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies
- Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a
- Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used
- to set permissions on created files by default.
- Must be an octal value between 0000 and 0777
- or a decimal value between 0 and 511. YAML
- accepts both octal and decimal values, JSON
- requires decimal values for mode bits. Directories
- within the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: configMap information about
- the configMap data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the key
- and content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the ConfigMap, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile
- represents information to create
- the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of
- the schema the FieldPath
- is written in terms of,
- defaults to "v1".
- type: string
- fieldPath:
- description: Path of the
- field to select in the
- specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode
- bits used to set permissions
- on this file, must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path
- is the relative path name
- of the file to be created.
- Must not be absolute or contain
- the '..' path. Must be utf-8
- encoded. The first item of
- the relative path must not
- start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource
- of the container: only resources
- limits and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are currently
- supported."
- properties:
- containerName:
- description: "Container
- name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the
- output format of the exposed
- resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required:
- resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about
- the secret data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret will
- be projected into the volume as
- a file whose name is the key and
- content is the value. If specified,
- the listed keys will be projected
- into the specified paths, and unlisted
- keys will not be present. If a key
- is specified which is not present
- in the Secret, the volume setup
- will error unless it is marked optional.
- Paths must be relative and may not
- contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to
- a path within a volume.
- properties:
- key:
- description: key is the key
- to project.
- type: string
- mode:
- description: "mode is Optional:
- mode bits used to set permissions
- on this file. Must be an octal
- value between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts both
- octal and decimal values,
- JSON requires decimal values
- for mode bits. If not specified,
- the volume defaultMode will
- be used. This might be in
- conflict with other options
- that affect the file mode,
- like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the
- key to. May not be an absolute
- path. May not contain the
- path element '..'. May not
- start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify
- whether the Secret or its key must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to
- project
- properties:
- audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified in
- the audience of the token, and otherwise
- should reject the token. The audience
- defaults to the identifier of the
- apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is
- the requested duration of validity
- of the service account token. As
- the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token.
- The kubelet will start trying to
- rotate the token if the token is
- older than 80 percent of its time
- to live or if the token is older
- than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative
- to the mount point of the file to
- project the token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default
- is no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte
- volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: registry represents a single or
- multiple Quobyte Registry services specified
- as a string as host:port pair (multiple entries
- are separated with commas) which acts as the
- central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is set
- by the plugin
- type: string
- user:
- description: user to map volume access to Defaults
- to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device
- mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
- type: string
- image:
- description: "image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring
- for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph
- monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default
- is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default
- is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of
- the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of
- the ScaleIO Protection Domain for the configured
- storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret
- for ScaleIO user and other sensitive information.
- If this is not provided, Login operation will
- fail.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable
- SSL communication with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the
- storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage
- system as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume
- already created in the ScaleIO system that
- is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should
- populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value
- pair in the Data field of the referenced Secret
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the volume
- setup will error unless it is marked optional.
- Paths must be relative and may not contain
- the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether
- the Secret or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the
- secret in the pod's namespace to use. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API credentials. If
- not specified, default values will be attempted.
- properties:
- name:
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume names
- are only unique within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope
- of the volume within StorageOS. If no namespace
- is specified then the Pod's namespace will
- be used. This allows the Kubernetes name
- scoping to be mirrored within StorageOS for
- tighter integration. Set VolumeName to any
- name to override the default behaviour. Set
- to "default" if you are not using namespaces
- within StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere
- volume attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage
- Policy Based Management (SPBM) profile ID
- associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage
- Policy Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- type: object
- type: object
- type: object
- status:
- description: SonataFlowPlatformStatus defines the observed state of SonataFlowPlatform
- properties:
- cluster:
- description: Cluster what kind of cluster you're running (ie, plain
- Kubernetes or OpenShift)
- enum:
- - kubernetes
- - openshift
- type: string
- clusterPlatformRef:
- description: ClusterPlatformRef information related to the (optional)
- active SonataFlowClusterPlatform
- properties:
- name:
- description: Name of the active SonataFlowClusterPlatform
- type: string
- platformRef:
- description: PlatformRef displays which SonataFlowPlatform has
- been referenced by the active SonataFlowClusterPlatform
- properties:
- name:
- description: Name of the SonataFlowPlatform
- type: string
- namespace:
- description: Namespace of the SonataFlowPlatform
- type: string
- required:
- - name
- - namespace
- type: object
- services:
- description: Services displays which cluster-wide services are
- being used by this SonataFlowPlatform
- properties:
- dataIndexRef:
- description: DataIndexRef displays information on the cluster-wide
- Data Index service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- jobServiceRef:
- description: JobServiceRef displays information on the cluster-wide
- Job Service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- type: object
- type: object
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- info:
- additionalProperties:
- type: string
- description: Info generic information related to the build
- type: object
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- version:
- description: Version the operator version controlling this Platform
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
diff --git a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflows.yaml b/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflows.yaml
deleted file mode 100644
index ae0f2e3cc92..00000000000
--- a/packages/sonataflow-operator/config/crd/bases/sonataflow.org_sonataflows.yaml
+++ /dev/null
@@ -1,9520 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
- annotations:
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
- name: sonataflows.sonataflow.org
- group: sonataflow.org
- names:
- kind: SonataFlow
- listKind: SonataFlowList
- plural: sonataflows
- shortNames:
- - sf
- - workflow
- - workflows
- singular: sonataflow
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .metadata.annotations.sonataflow\.org\/profile
- name: Profile
- type: string
- - jsonPath: .metadata.annotations.sonataflow\.org\/version
- name: Version
- type: string
- - jsonPath: .status.endpoint
- name: URL
- type: string
- - jsonPath: .status.conditions[?(@.type=='Running')].status
- name: Ready
- type: string
- - jsonPath: .status.conditions[?(@.type=='Running')].reason
- name: Reason
- type: string
- name: v1alpha08
- schema:
- openAPIV3Schema:
- description: SonataFlow is the descriptor representation for a workflow application
- based on the CNCF Serverless Workflow specification.
- properties:
- apiVersion:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
- type: string
- kind:
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- metadata:
- type: object
- spec:
- description: SonataFlowSpec defines the desired state of SonataFlow
- properties:
- flow:
- description: Flow the workflow definition.
- properties:
- annotations:
- description: Annotations List of helpful terms describing the
- workflows intended purpose, subject areas, or other important
- qualities.
- items:
- type: string
- type: array
- auth:
- description: Auth definitions can be used to define authentication
- information that should be applied to resources defined in the
- operation property of function definitions. It is not used as
- authentication information for the function invocation, but
- just to access the resource containing the function invocation
- information.
- x-kubernetes-preserve-unknown-fields: true
- autoRetries:
- description: AutoRetries If set to true, actions should automatically
- be retried on unchecked errors. Default is false
- type: boolean
- constants:
- additionalProperties:
- description: RawMessage is a raw encoded JSON value. It implements
- Marshaler and Unmarshaler and can be used to delay JSON decoding
- or precompute a JSON encoding.
- format: byte
- type: string
- description: Constants Workflow constants are used to define static,
- and immutable, data which is available to Workflow Expressions.
- type: object
- dataInputSchema:
- description: DataInputSchema URI of the JSON Schema used to validate
- the workflow data input
- properties:
- failOnValidationErrors:
- type: boolean
- schema:
- type: string
- required:
- - failOnValidationErrors
- - schema
- type: object
- errors:
- description: Defines checked errors that can be explicitly handled
- during workflow execution.
- items:
- description: Error declaration for workflow definitions
- properties:
- code:
- description: Code OnError code. Can be used in addition
- to the name to help runtimes resolve to technical errors/exceptions.
- Should not be defined if error is set to '*'.
- type: string
- description:
- description: OnError description.
- type: string
- name:
- description: Name Domain-specific error name.
- type: string
- required:
- - name
- type: object
- type: array
- events:
- items:
- description: Event used to define events and their correlations
- properties:
- correlation:
- description: Define event correlation rules for this event.
- Only used for consumed events.
- items:
- description: Correlation define event correlation rules
- for an event. Only used for `consumed` events
- properties:
- contextAttributeName:
- description: CloudEvent Extension Context Attribute
- name
- type: string
- contextAttributeValue:
- description: CloudEvent Extension Context Attribute
- value
- type: string
- required:
- - contextAttributeName
- type: object
- type: array
- dataOnly:
- description: If `true`, only the Event payload is accessible
- to consuming Workflow states. If `false`, both event payload
- and context attributes should be accessible. Defaults
- to true.
- type: boolean
- kind:
- default: consumed
- description: Defines the CloudEvent as either 'consumed'
- or 'produced' by the workflow. Defaults to `consumed`.
- enum:
- - consumed
- - produced
- type: string
- metadata:
- additionalProperties:
- type: object
- description: Metadata information
- type: object
- name:
- description: Unique event name.
- type: string
- source:
- description: CloudEvent source.
- type: string
- type:
- description: CloudEvent type.
- type: string
- required:
- - name
- - type
- type: object
- type: array
- functions:
- items:
- description: Function ...
- properties:
- authRef:
- description: References an auth definition name to be used
- to access to resource defined in the operation parameter.
- type: string
- metadata:
- additionalProperties:
- type: object
- description: Metadata information
- type: object
- name:
- description: Unique function name
- type: string
- operation:
- description: If type is `rest`, #.
- If type is `rpc`, ##.
- If type is `expression`, defines the workflow expression.
- If the type is `custom`, #.
- type: string
- type:
- default: rest
- description: Defines the function type. Is either `custom`,
- `rest`, `rpc`, `expression`, `graphql`, `odata` or `asyncapi`.
- Default is `rest`.
- enum:
- - rest
- - rpc
- - expression
- - graphql
- - odata
- - asyncapi
- - custom
- type: string
- required:
- - name
- - operation
- type: object
- type: array
- keepActive:
- description: If "true", workflow instances is not terminated when
- there are no active execution paths. Instance can be terminated
- with "terminate end definition" or reaching defined "workflowExecTimeout"
- type: boolean
- metadata:
- description: Metadata custom information shared with the runtime.
- x-kubernetes-preserve-unknown-fields: true
- retries:
- items:
- description: Retry ...
- properties:
- delay:
- description: Time delay between retry attempts (ISO 8601
- duration format)
- type: string
- increment:
- description: Static value by which the delay increases during
- each attempt (ISO 8601 time format)
- type: string
- jitter:
- description: "If float type, maximum amount of random time
- added or subtracted from the delay between each retry
- relative to total delay (between 0 and 1). If string type,
- absolute maximum amount of random time added or subtracted
- from the delay between each retry (ISO 8601 duration format)
- TODO: make iso8601duration compatible this type"
- properties:
- floatVal:
- type: number
- strVal:
- type: string
- type:
- description: Type represents the stored type of Float32OrString.
- format: int64
- type: integer
- type: object
- maxAttempts:
- anyOf:
- - type: integer
- - type: string
- description: Maximum number of retry attempts.
- x-kubernetes-int-or-string: true
- maxDelay:
- description: Maximum time delay between retry attempts (ISO
- 8601 duration format)
- type: string
- multiplier:
- description: Numeric value, if specified the delay between
- retries is multiplied by this value.
- properties:
- floatVal:
- type: number
- strVal:
- type: string
- type:
- description: Type represents the stored type of Float32OrString.
- format: int64
- type: integer
- type: object
- name:
- description: Unique retry strategy name
- type: string
- required:
- - maxAttempts
- - name
- type: object
- type: array
- secrets:
- description: Secrets allow you to access sensitive information,
- such as passwords, OAuth tokens, ssh keys, etc, inside your
- Workflow Expressions.
- items:
- type: string
- type: array
- start:
- description: Workflow start definition.
- x-kubernetes-preserve-unknown-fields: true
- states:
- items:
- properties:
- callbackState:
- description: callbackState executes a function and waits
- for callback event that indicates completion of the task.
- properties:
- action:
- description: Defines the action to be executed.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property. Filter
- the action results to select only the result data
- that should be added/merged back into the state
- data using its results property. Select the part
- of state data which the action data results should
- be added/merged to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action results
- should be added/merged into. If not specified
- denotes the top-level state data element.
- type: string
- useResults:
- description: If set to false, action data results
- are not added/merged to state data. In this
- case 'results' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If false,
- action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression which
- selects parts of the states data output to
- become the data (payload) of the event referenced
- by triggerEventRef. If object type, a custom
- object to become the data (payload) of the
- event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name of
- a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If not
- defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name of
- a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should not
- be retried. Used only when `autoRetries` is set
- to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default runtime
- retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should be
- retried. Used only when `autoRetries` is set to
- `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef' is
- defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef' is
- defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'. Defaults
- to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- eventDataFilter:
- description: Event data filter definition.
- properties:
- data:
- description: Workflow expression that filters of
- the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects a
- state data element to which the action results
- should be added/merged into. If not specified
- denotes the top-level state data element
- type: string
- useData:
- description: If set to false, event payload is not
- added/merged to state data. In this case 'data'
- and 'toStateData' should be ignored. Default is
- true.
- type: boolean
- type: object
- eventRef:
- description: References a unique callback event name
- in the defined workflow events.
- type: string
- timeouts:
- description: Time period to wait for incoming events
- (ISO 8601 format)
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- eventTimeout:
- description: Default timeout for consuming defined
- events (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - action
- - eventRef
- type: object
- compensatedBy:
- description: Unique Name of a workflow state which is responsible
- for compensation of this state.
- type: string
- delayState:
- description: delayState Causes the workflow execution to
- delay for a specified duration.
- properties:
- timeDelay:
- description: Amount of time (ISO 8601 format) to delay
- type: string
- required:
- - timeDelay
- type: object
- end:
- description: State end definition.
- x-kubernetes-preserve-unknown-fields: true
- eventState:
- description: event states await one or more events and perform
- actions when they are received. If defined as the workflow
- starting state, the event state definition controls when
- the workflow instances should be created.
- properties:
- exclusive:
- default: true
- description: If true consuming one of the defined events
- causes its associated actions to be performed. If
- false all the defined events must be consumed in order
- for actions to be performed. Defaults to true.
- type: boolean
- onEvents:
- description: Define the events to be consumed and optional
- actions to be performed.
- items:
- description: OnEvents define which actions are be
- performed for the one or more events.
- properties:
- actionMode:
- default: sequential
- description: Should actions be performed sequentially
- or in parallel. Default is sequential.
- enum:
- - sequential
- - parallel
- type: string
- actions:
- description: Actions to be performed if expression
- matches
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select
- only the data that can be used within
- function definition arguments using its
- fromStateData property. Filter the action
- results to select only the result data
- that should be added/merged back into
- the state data using its results property.
- Select the part of state data which the
- action data results should be added/merged
- to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that
- filters state data that can be used
- by the action.
- type: string
- results:
- description: Workflow expression that
- filters the actions data results.
- type: string
- toStateData:
- description: Workflow expression that
- selects a state data element to which
- the action results should be added/merged
- into. If not specified denotes the
- top-level state data element.
- type: string
- useResults:
- description: If set to false, action
- data results are not added/merged
- to state data. In this case 'results'
- and 'toStateData' should be ignored.
- Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must
- evaluate to true for this action to be
- performed. If false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and
- 'result' reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension
- context attributes to the produced
- event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states
- data output to become the data (payload)
- of the event referenced by triggerEventRef.
- If object type, a custom object to
- become the data (payload) of the event
- referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique
- name of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time
- (ISO 8601 format) to wait for the
- result event. If not defined it be
- set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique
- name of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function
- definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to
- be passed to the referenced function
- TODO: validate it as required if function
- type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced
- function.
- type: string
- selectionSet:
- description: "Used if function type
- is graphql. String containing a valid
- GraphQL selection set. TODO: validate
- it as required if function type is
- graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should not be retried. Used only
- when `autoRetries` is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow
- retry definition. If not defined uses
- the default runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should be retried. Used only when
- `autoRetries` is set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow
- execution should sleep before / after
- function execution.
- properties:
- after:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- after function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- before:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- before function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be
- invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow
- should be invoked sync or async. Defaults
- to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies
- how subflow execution should behave
- when parent workflow completes if
- invoke is 'async'. Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- type: array
- eventDataFilter:
- description: eventDataFilter defines the callback
- event data filter definition
- properties:
- data:
- description: Workflow expression that filters
- of the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element
- type: string
- useData:
- description: If set to false, event payload
- is not added/merged to state data. In this
- case 'data' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- eventRefs:
- description: References one or more unique event
- names in the defined workflow events.
- items:
- type: string
- minItems: 1
- type: array
- required:
- - eventRefs
- type: object
- minItems: 1
- type: array
- timeouts:
- description: State specific timeouts.
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- eventTimeout:
- description: Default timeout for consuming defined
- events (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - onEvents
- type: object
- forEachState:
- description: forEachState used to execute actions for each
- element of a data set.
- properties:
- actions:
- description: Actions to be executed for each of the
- elements of inputCollection.
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property.
- Filter the action results to select only the
- result data that should be added/merged back
- into the state data using its results property.
- Select the part of state data which the action
- data results should be added/merged to using
- the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element.
- type: string
- useResults:
- description: If set to false, action data
- results are not added/merged to state data.
- In this case 'results' and 'toStateData'
- should be ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If
- false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states data output
- to become the data (payload) of the event
- referenced by triggerEventRef. If object
- type, a custom object to become the data
- (payload) of the event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name
- of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If
- not defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name
- of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- not be retried. Used only when `autoRetries`
- is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default
- runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- be retried. Used only when `autoRetries` is
- set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'.
- Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 0
- type: array
- batchSize:
- anyOf:
- - type: integer
- - type: string
- description: Specifies how many iterations may run in
- parallel at the same time. Used if mode property is
- set to parallel (default). If not specified, its value
- should be the size of the inputCollection.
- x-kubernetes-int-or-string: true
- inputCollection:
- description: Workflow expression selecting an array
- element of the states' data.
- type: string
- iterationParam:
- description: Name of the iteration parameter that can
- be referenced in actions/workflow. For each parallel
- iteration, this param should contain a unique element
- of the inputCollection array.
- type: string
- mode:
- default: parallel
- description: Specifies how iterations are to be performed
- (sequential or in parallel), defaults to parallel.
- enum:
- - sequential
- - parallel
- type: string
- outputCollection:
- description: Workflow expression specifying an array
- element of the states data to add the results of each
- iteration.
- type: string
- timeouts:
- description: State specific timeout.
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - inputCollection
- type: object
- id:
- description: Unique State id.
- type: string
- injectState:
- description: injectState used to inject static data into
- state data input.
- properties:
- data:
- additionalProperties:
- type: object
- description: JSON object which can be set as state's
- data input and can be manipulated via filter
- minProperties: 1
- type: object
- timeouts:
- description: State specific timeouts
- properties:
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - data
- type: object
- metadata:
- additionalProperties:
- type: object
- description: Metadata information.
- type: object
- name:
- description: State name.
- type: string
- onErrors:
- description: States error handling and retries definitions.
- items:
- description: OnError ...
- properties:
- end:
- description: End workflow execution in case of this
- error. If retryRef is defined, this ends workflow
- only if retries were unsuccessful.
- x-kubernetes-preserve-unknown-fields: true
- errorRef:
- description: ErrorRef Reference to a unique workflow
- error definition. Used of errorRefs is not used
- type: string
- errorRefs:
- description: ErrorRefs References one or more workflow
- error definitions. Used if errorRef is not used
- items:
- type: string
- type: array
- transition:
- description: Transition to next state to handle the
- error. If retryRef is defined, this transition is
- taken only if retries were unsuccessful.
- x-kubernetes-preserve-unknown-fields: true
- type: object
- type: array
- operationState:
- description: operationState defines a set of actions to
- be performed in sequence or in parallel.
- properties:
- actionMode:
- default: sequential
- description: Specifies whether actions are performed
- in sequence or in parallel, defaults to sequential.
- enum:
- - sequential
- - parallel
- type: string
- actions:
- description: Actions to be performed
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select only
- the data that can be used within function definition
- arguments using its fromStateData property.
- Filter the action results to select only the
- result data that should be added/merged back
- into the state data using its results property.
- Select the part of state data which the action
- data results should be added/merged to using
- the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that filters
- state data that can be used by the action.
- type: string
- results:
- description: Workflow expression that filters
- the actions data results.
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element.
- type: string
- useResults:
- description: If set to false, action data
- results are not added/merged to state data.
- In this case 'results' and 'toStateData'
- should be ignored. Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must evaluate
- to true for this action to be performed. If
- false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and 'result'
- reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension context
- attributes to the produced event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states data output
- to become the data (payload) of the event
- referenced by triggerEventRef. If object
- type, a custom object to become the data
- (payload) of the event referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique name
- of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time (ISO 8601
- format) to wait for the result event. If
- not defined it be set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique name
- of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to be passed
- to the referenced function TODO: validate
- it as required if function type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function should
- be invoked sync or async. Default is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced function.
- type: string
- selectionSet:
- description: "Used if function type is graphql.
- String containing a valid GraphQL selection
- set. TODO: validate it as required if function
- type is graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- not be retried. Used only when `autoRetries`
- is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow retry
- definition. If not defined uses the default
- runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to defined
- workflow errors for which the action should
- be retried. Used only when `autoRetries` is
- set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow execution
- should sleep before / after function execution.
- properties:
- after:
- description: Defines amount of time (ISO 8601
- duration format) to sleep after function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- before:
- description: Defines amount of time (ISO 8601
- duration format) to sleep before function/subflow
- invocation. Does not apply if 'eventRef'
- is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow should
- be invoked sync or async. Defaults to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies how
- subflow execution should behave when parent
- workflow completes if invoke is 'async'.
- Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 0
- type: array
- timeouts:
- description: State specific timeouts
- properties:
- actionExecTimeout:
- description: Default single actions definition execution
- timeout (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Defines workflow state execution timeout.
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - actions
- type: object
- parallelState:
- description: parallelState Consists of a number of states
- that are executed in parallel.
- properties:
- branches:
- description: List of branches for this parallel state.
- items:
- description: Branch Definition
- properties:
- actions:
- description: Actions to be executed in this branch
- items:
- description: Action specify invocations of services
- or other workflows during workflow execution.
- properties:
- actionDataFilter:
- description: Filter the state data to select
- only the data that can be used within
- function definition arguments using its
- fromStateData property. Filter the action
- results to select only the result data
- that should be added/merged back into
- the state data using its results property.
- Select the part of state data which the
- action data results should be added/merged
- to using the toStateData property.
- properties:
- fromStateData:
- description: Workflow expression that
- filters state data that can be used
- by the action.
- type: string
- results:
- description: Workflow expression that
- filters the actions data results.
- type: string
- toStateData:
- description: Workflow expression that
- selects a state data element to which
- the action results should be added/merged
- into. If not specified denotes the
- top-level state data element.
- type: string
- useResults:
- description: If set to false, action
- data results are not added/merged
- to state data. In this case 'results'
- and 'toStateData' should be ignored.
- Default is true.
- type: boolean
- type: object
- condition:
- description: Expression, if defined, must
- evaluate to true for this action to be
- performed. If false, action is disregarded.
- type: string
- eventRef:
- description: References a 'trigger' and
- 'result' reusable event definitions.
- properties:
- contextAttributes:
- additionalProperties:
- type: object
- description: Add additional extension
- context attributes to the produced
- event.
- type: object
- data:
- description: If string type, an expression
- which selects parts of the states
- data output to become the data (payload)
- of the event referenced by triggerEventRef.
- If object type, a custom object to
- become the data (payload) of the event
- referenced by triggerEventRef.
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- resultEventRef:
- description: Reference to the unique
- name of a 'consumed' event definition
- type: string
- resultEventTimeout:
- description: Maximum amount of time
- (ISO 8601 format) to wait for the
- result event. If not defined it be
- set to the actionExecutionTimeout
- type: string
- triggerEventRef:
- description: Reference to the unique
- name of a 'produced' event definition,
- type: string
- required:
- - resultEventRef
- - triggerEventRef
- type: object
- functionRef:
- description: References a reusable function
- definition.
- properties:
- arguments:
- additionalProperties:
- type: object
- description: "Arguments (inputs) to
- be passed to the referenced function
- TODO: validate it as required if function
- type is graphql"
- type: object
- invoke:
- default: sync
- description: Specifies if the function
- should be invoked sync or async. Default
- is sync.
- enum:
- - async
- - sync
- type: string
- refName:
- description: Name of the referenced
- function.
- type: string
- selectionSet:
- description: "Used if function type
- is graphql. String containing a valid
- GraphQL selection set. TODO: validate
- it as required if function type is
- graphql"
- type: string
- required:
- - refName
- type: object
- id:
- description: Defines Unique action identifier.
- type: string
- name:
- description: Defines Unique action name.
- type: string
- nonRetryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should not be retried. Used only
- when `autoRetries` is set to `true`
- items:
- type: string
- type: array
- retryRef:
- description: References a defined workflow
- retry definition. If not defined uses
- the default runtime retry definition.
- type: string
- retryableErrors:
- description: List of unique references to
- defined workflow errors for which the
- action should be retried. Used only when
- `autoRetries` is set to `false`
- items:
- type: string
- type: array
- sleep:
- description: Defines time period workflow
- execution should sleep before / after
- function execution.
- properties:
- after:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- after function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- before:
- description: Defines amount of time
- (ISO 8601 duration format) to sleep
- before function/subflow invocation.
- Does not apply if 'eventRef' is defined.
- type: string
- type: object
- subFlowRef:
- description: References a workflow to be
- invoked.
- properties:
- invoke:
- default: sync
- description: Specifies if the subflow
- should be invoked sync or async. Defaults
- to sync.
- enum:
- - async
- - sync
- type: string
- onParentComplete:
- default: terminate
- description: onParentComplete specifies
- how subflow execution should behave
- when parent workflow completes if
- invoke is 'async'. Defaults to terminate.
- enum:
- - terminate
- - continue
- type: string
- version:
- description: Sub-workflow version
- type: string
- workflowId:
- description: Sub-workflow unique id
- type: string
- required:
- - workflowId
- type: object
- type: object
- minItems: 1
- type: array
- name:
- description: Branch name
- type: string
- timeouts:
- description: Branch specific timeout settings
- properties:
- actionExecTimeout:
- description: Single actions definition execution
- timeout duration (ISO 8601 duration format)
- type: string
- branchExecTimeout:
- description: Single branch execution timeout
- duration (ISO 8601 duration format)
- type: string
- type: object
- required:
- - actions
- - name
- type: object
- minItems: 1
- type: array
- completionType:
- default: allOf
- description: Option types on how to complete branch
- execution. Defaults to `allOf`.
- enum:
- - allOf
- - atLeast
- type: string
- numCompleted:
- anyOf:
- - type: integer
- - type: string
- description: "Used when branchCompletionType is set
- to atLeast to specify the least number of branches
- that must complete in order for the state to transition/end.
- TODO: change this field to unmarshal result as int"
- x-kubernetes-int-or-string: true
- timeouts:
- description: State specific timeouts
- properties:
- branchExecTimeout:
- description: Default single branch execution timeout
- (ISO 8601 duration format)
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - branches
- type: object
- sleepState:
- description: sleepState suspends workflow execution for
- a given time duration.
- properties:
- duration:
- description: Duration (ISO 8601 duration format) to
- sleep
- type: string
- timeouts:
- description: Timeouts State specific timeouts
- properties:
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - duration
- type: object
- stateDataFilter:
- description: State data filter.
- properties:
- input:
- description: Workflow expression to filter the state
- data input
- type: string
- output:
- description: Workflow expression that filters the state
- data output
- type: string
- type: object
- switchState:
- description: "switchState is workflow's gateways: direct
- transitions onf a workflow based on certain conditions."
- properties:
- dataConditions:
- description: Defines conditions evaluated against data
- items:
- description: DataCondition specify a data-based condition
- statement which causes a transition to another workflow
- state if evaluated to true.
- properties:
- condition:
- description: Workflow expression evaluated against
- state data. Must evaluate to true or false.
- type: string
- end:
- description: TODO End or Transition needs to be
- exclusive tag, one or another should be set.
- Explicit transition to end
- properties:
- compensate:
- description: If set to true, triggers workflow
- compensation before workflow execution completes.
- Default is false.
- type: boolean
- continueAs:
- description: Defines that current workflow
- execution should stop, and execution should
- continue as a new workflow instance of the
- provided id
- properties:
- data:
- description: If string type, an expression
- which selects parts of the states data
- output to become the workflow data input
- of continued execution. If object type,
- a custom object to become the workflow
- data input of the continued execution
- type: object
- version:
- description: Version of the workflow to
- continue execution as.
- type: string
- workflowExecTimeout:
- description: WorkflowExecTimeout Workflow
- execution timeout to be used by the
- workflow continuing execution. Overwrites
- any specific settings set by that workflow
- properties:
- duration:
- default: unlimited
- description: Workflow execution timeout
- duration (ISO 8601 duration format).
- If not specified should be 'unlimited'.
- type: string
- interrupt:
- description: If false, workflow instance
- is allowed to finish current execution.
- If true, current workflow execution
- is stopped immediately. Default
- is false.
- type: boolean
- runBefore:
- description: Name of a workflow state
- to be executed before workflow instance
- is terminated.
- type: string
- required:
- - duration
- type: object
- workflowId:
- description: Unique id of the workflow
- to continue execution as.
- type: string
- required:
- - workflowId
- type: object
- produceEvents:
- description: Array of producedEvent definitions.
- Defines events that should be produced.
- items:
- description: ProduceEvent Defines the event
- (CloudEvent format) to be produced when
- workflow execution completes or during
- a workflow transitions. The eventRef property
- must match the name of one of the defined
- produced events in the events definition.
- properties:
- contextAttributes:
- additionalProperties:
- type: string
- description: Add additional event extension
- context attributes.
- type: object
- data:
- description: If String, expression which
- selects parts of the states data output
- to become the data of the produced
- event. If object a custom object to
- become the data of produced event.
- type: object
- eventRef:
- description: Reference to a defined
- unique event name in the events definition
- type: string
- required:
- - eventRef
- type: object
- type: array
- terminate:
- description: If true, completes all execution
- flows in the given workflow instance.
- type: boolean
- type: object
- metadata:
- additionalProperties:
- type: object
- description: Metadata information.
- type: object
- name:
- description: Data condition name.
- type: string
- transition:
- description: Workflow transition if condition
- is evaluated to true
- properties:
- compensate:
- default: false
- description: If set to true, triggers workflow
- compensation before this transition is taken.
- Default is false.
- type: boolean
- nextState:
- description: Name of the state to transition
- to next.
- type: string
- produceEvents:
- description: Array of producedEvent definitions.
- Events to be produced before the transition
- takes place.
- items:
- description: ProduceEvent Defines the event
- (CloudEvent format) to be produced when
- workflow execution completes or during
- a workflow transitions. The eventRef property
- must match the name of one of the defined
- produced events in the events definition.
- properties:
- contextAttributes:
- additionalProperties:
- type: string
- description: Add additional event extension
- context attributes.
- type: object
- data:
- description: If String, expression which
- selects parts of the states data output
- to become the data of the produced
- event. If object a custom object to
- become the data of produced event.
- type: object
- eventRef:
- description: Reference to a defined
- unique event name in the events definition
- type: string
- required:
- - eventRef
- type: object
- type: array
- required:
- - nextState
- type: object
- required:
- - condition
- - end
- type: object
- type: array
- defaultCondition:
- description: Default transition of the workflow if there
- is no matching data conditions. Can include a transition
- or end definition.
- properties:
- end:
- description: If this state an end state
- x-kubernetes-preserve-unknown-fields: true
- transition:
- description: Serverless workflow states can have
- one or more incoming and outgoing transitions
- (from/to other states). Each state can define
- a transition definition that is used to determine
- which state to transition to next.
- x-kubernetes-preserve-unknown-fields: true
- type: object
- eventConditions:
- description: Defines conditions evaluated against events.
- items:
- description: EventCondition specify events which the
- switch state must wait for.
- properties:
- end:
- description: TODO End or Transition needs to be
- exclusive tag, one or another should be set.
- Explicit transition to end
- x-kubernetes-preserve-unknown-fields: true
- eventDataFilter:
- description: Event data filter definition.
- properties:
- data:
- description: Workflow expression that filters
- of the event data (payload).
- type: string
- toStateData:
- description: Workflow expression that selects
- a state data element to which the action
- results should be added/merged into. If
- not specified denotes the top-level state
- data element
- type: string
- useData:
- description: If set to false, event payload
- is not added/merged to state data. In this
- case 'data' and 'toStateData' should be
- ignored. Default is true.
- type: boolean
- type: object
- eventRef:
- description: References a unique event name in
- the defined workflow events.
- type: string
- metadata:
- description: Metadata information.
- x-kubernetes-preserve-unknown-fields: true
- name:
- description: Event condition name.
- type: string
- transition:
- description: Workflow transition if condition
- is evaluated to true
- x-kubernetes-preserve-unknown-fields: true
- required:
- - eventRef
- type: object
- type: array
- timeouts:
- description: SwitchState specific timeouts
- properties:
- eventTimeout:
- description: "Specify the expire value to transitions
- to defaultCondition. When event-based conditions
- do not arrive. NOTE: this is only available for
- EventConditions"
- type: string
- stateExecTimeout:
- description: Default workflow state execution timeout
- (ISO 8601 duration format)
- properties:
- single:
- description: Single state execution timeout,
- not including retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout,
- including retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- type: object
- required:
- - defaultCondition
- type: object
- transition:
- description: Next transition of the workflow after the time
- delay.
- x-kubernetes-preserve-unknown-fields: true
- type:
- description: stateType can be any of delay, callback, event,
- foreach, inject, operation, parallel, sleep, switch
- enum:
- - delay
- - callback
- - event
- - foreach
- - inject
- - operation
- - parallel
- - sleep
- - switch
- type: string
- usedForCompensation:
- description: If true, this state is used to compensate another
- state. Default is false.
- type: boolean
- required:
- - name
- - type
- type: object
- minItems: 1
- type: array
- x-kubernetes-preserve-unknown-fields: true
- timeouts:
- description: Defines the workflow default timeout settings.
- properties:
- actionExecTimeout:
- description: ActionExecTimeout Single actions definition execution
- timeout duration (ISO 8601 duration format).
- type: string
- branchExecTimeout:
- description: BranchExecTimeout Single branch execution timeout
- duration (ISO 8601 duration format).
- type: string
- eventTimeout:
- description: EventTimeout Timeout duration to wait for consuming
- defined events (ISO 8601 duration format).
- type: string
- stateExecTimeout:
- description: StateExecTimeout Total state execution timeout
- (including retries) (ISO 8601 duration format).
- properties:
- single:
- description: Single state execution timeout, not including
- retries (ISO 8601 duration format)
- type: string
- total:
- description: Total state execution timeout, including
- retries (ISO 8601 duration format)
- type: string
- required:
- - total
- type: object
- workflowExecTimeout:
- description: WorkflowExecTimeout Workflow execution timeout
- duration (ISO 8601 duration format). If not specified should
- be 'unlimited'.
- properties:
- duration:
- default: unlimited
- description: Workflow execution timeout duration (ISO
- 8601 duration format). If not specified should be 'unlimited'.
- type: string
- interrupt:
- description: If false, workflow instance is allowed to
- finish current execution. If true, current workflow
- execution is stopped immediately. Default is false.
- type: boolean
- runBefore:
- description: Name of a workflow state to be executed before
- workflow instance is terminated.
- type: string
- required:
- - duration
- type: object
- type: object
- required:
- - states
- type: object
- persistence:
- description: Persistence defines the database persistence configuration
- for the workflow
- maxProperties: 1
- properties:
- postgresql:
- description: Connect configured services to a postgresql database.
- maxProperties: 2
- minProperties: 2
- properties:
- jdbcUrl:
- description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
- e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
- type: string
- secretRef:
- description: Secret reference to the database user credentials
- properties:
- name:
- description: Name of the postgresql credentials secret.
- type: string
- passwordKey:
- description: Defaults to POSTGRESQL_PASSWORD
- type: string
- userKey:
- description: Defaults to POSTGRESQL_USER
- type: string
- required:
- - name
- type: object
- serviceRef:
- description: Service reference to postgresql datasource. Mutually
- exclusive to jdbcUrl.
- properties:
- databaseName:
- description: Name of postgresql database to be used. Defaults
- to "sonataflow"
- type: string
- databaseSchema:
- description: Schema of postgresql database to be used.
- Defaults to "data-index-service"
- type: string
- name:
- description: Name of the postgresql k8s service.
- type: string
- namespace:
- description: Namespace of the postgresql k8s service.
- Defaults to the SonataFlowPlatform's local namespace.
- type: string
- port:
- description: Port to use when connecting to the postgresql
- k8s service. Defaults to 5432.
- type: integer
- required:
- - name
- type: object
- required:
- - secretRef
- type: object
- type: object
- podTemplate:
- description: PodTemplate describes the deployment details of this
- SonataFlow instance.
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod may be active
- on the node relative to StartTime before the system will actively
- try to mark it failed and kill associated containers. Value
- must be a positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling rules for
- the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the most preferred.
- items:
- description: An empty preferred scheduling term matches
- all objects with implicit weight 0 (i.e. it's a no-op).
- A null preferred scheduling term matches no objects
- (i.e. is also a no-op).
- properties:
- preference:
- description: A node selector term, associated with
- the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with matching the
- corresponding nodeSelectorTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod from
- its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node selector terms.
- The terms are ORed.
- items:
- description: A null or empty node selector term
- matches no objects. The requirements of them are
- ANDed. The TopologySelectorTerm type implements
- a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector requirements
- by node's labels.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector requirements
- by node's fields.
- items:
- description: A node selector requirement is
- a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: The label key that the selector
- applies to.
- type: string
- operator:
- description: Represents a key's relationship
- to a set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string values.
- If the operator is In or NotIn, the
- values array must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be empty. If the
- operator is Gt or Lt, the values array
- must have a single element, which will
- be interpreted as an integer. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling rules (e.g.
- co-locate this pod in the same node, zone, etc. as some
- other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the affinity expressions specified
- by this field, but it may choose a node that violates
- one or more of the expressions. The node that is most
- preferred is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred
- node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements specified by
- this field are not met at scheduling time, the pod will
- not be scheduled onto the node. If the affinity requirements
- specified by this field cease to be met at some point
- during pod execution (e.g. due to a pod label update),
- the system may or may not try to eventually evict the
- pod from its node. When there are multiple elements,
- the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling rules
- (e.g. avoid putting this pod in the same node, zone, etc.
- as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to schedule pods
- to nodes that satisfy the anti-affinity expressions
- specified by this field, but it may choose a node that
- violates one or more of the expressions. The node that
- is most preferred is the one with the greatest sum of
- weights, i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a sum by iterating
- through the elements of this field and adding "weight"
- to the sum if the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest sum are
- the most preferred.
- items:
- description: The weights of all of the matched WeightedPodAffinityTerm
- fields are added per-node to find the most preferred
- node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity term, associated
- with the corresponding weight.
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by
- this field and the ones listed in the namespaces
- field. null selector and null or empty namespaces
- list means "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to.
- The term is applied to the union of the namespaces
- listed in this field and the ones selected
- by namespaceSelector. null or empty namespaces
- list and null namespaceSelector means "this
- pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the
- pods matching the labelSelector in the specified
- namespaces, where co-located is defined as
- running on a node whose value of the label
- with key topologyKey matches that of any node
- on which any of the selected pods is running.
- Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with matching the
- corresponding podAffinityTerm, in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements specified
- by this field are not met at scheduling time, the pod
- will not be scheduled onto the node. If the anti-affinity
- requirements specified by this field cease to be met
- at some point during pod execution (e.g. due to a pod
- label update), the system may or may not try to eventually
- evict the pod from its node. When there are multiple
- elements, the lists of nodes corresponding to each podAffinityTerm
- are intersected, i.e. all terms must be satisfied.
- items:
- description: Defines a set of pods (namely those matching
- the labelSelector relative to the given namespace(s))
- that this pod should be co-located (affinity) or not
- co-located (anti-affinity) with, where co-located
- is defined as running on a node whose value of the
- label with key matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set of resources,
- in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the set of namespaces
- that the term applies to. The term is applied
- to the union of the namespaces selected by this
- field and the ones listed in the namespaces field.
- null selector and null or empty namespaces list
- means "this pod's namespace". An empty selector
- ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are
- ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
- properties:
- key:
- description: key is the label key that
- the selector applies to.
- type: string
- operator:
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a static list
- of namespace names that the term applies to. The
- term is applied to the union of the namespaces
- listed in this field and the ones selected by
- namespaceSelector. null or empty namespaces list
- and null namespaceSelector means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located (affinity)
- or not co-located (anti-affinity) with the pods
- matching the labelSelector in the specified namespaces,
- where co-located is defined as running on a node
- whose value of the label with key topologyKey
- matches that of any node on which any of the selected
- pods is running. Empty topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates whether a
- service account token should be automatically mounted.
- type: boolean
- container:
- description: Container is the Kubernetes container where the application
- should run. One can change this attribute in order to override
- the defaults provided by the operator.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container image''s
- CMD is used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s environment.
- If a variable cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated. More
- info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable present
- in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment variable's value.
- Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for volumes,
- optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the pod's
- namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or its
- key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a set
- of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to each
- key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after a
- container is created. If the handler fails, the container
- is terminated and restarted according to its restart
- policy. Other management of the container blocks until
- the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory
- for the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it
- is not run inside a shell, so traditional shell
- instructions ('|', etc) won't work. To use a
- shell, you need to explicitly call out to that
- shell. Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to
- perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this field
- and lifecycle hooks will fail in runtime when tcp
- handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a container
- is terminated due to an API request or management event
- such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the Pod's
- termination grace period (unless delayed by finalizers).
- Other management of the container blocks until the hook
- completes or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory
- for the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it
- is not run inside a shell, so traditional shell
- instructions ('|', etc) won't work. To use a
- shell, you need to explicitly call out to that
- shell. Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request to
- perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this field
- and lifecycle hooks will fail in runtime when tcp
- handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- ports:
- description: List of ports to expose from the container. Not
- specifying a port here DOES NOT prevent that port from being
- exposed. Any port which is listening on the default ""
- address inside a container will be accessible from the network.
- Modifying this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's IP
- address. This must be a valid port number, 0 < x <
- 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host. If
- specified, this must be a valid port number, 0 < x
- < 65536. If HostNetwork is specified, this must match
- ContainerPort. Most containers do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a pod
- must have a unique name. Name for the port that can
- be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP, or
- SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource resize
- policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent process.
- This bool directly controls if the no_new_privs flag
- will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only root
- filesystem. Default is false. Note that this field cannot
- be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if it
- does. If unset or false, no such validation will be
- performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod & container
- level, the container options override the pod options.
- Note that this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used. The
- profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's
- configured seccomp profile location. Must only be
- set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n Localhost
- - a profile defined in a file on the node should
- be used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined - no
- profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of
- the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored by
- components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the Pod.
- All of a Pod's containers must have the same effective
- HostProcess value (it is not allowed to have a mix
- of HostProcess containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during steady-state
- operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's filesystem.
- The command is simply exec'd, it is not run inside
- a shell, so traditional shell instructions ('|',
- etc) won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is treated
- as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service to
- place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container has
- started before liveness probes are initiated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum value
- is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving a
- TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to, defaults
- to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided by
- the pod spec. Value must be non-negative integer. The
- value zero indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta field
- and requires enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close the
- stdin channel after it has been opened by a single attach.
- When stdin is true the stdin stream will remain open across
- multiple attach sessions. If stdinOnce is set to true, stdin
- is opened on container start, is empty until the first client
- attaches to stdin, and then remains open and accepts data
- until the client disconnects, at which time stdin is closed
- and remains closed until the container is restarted. If
- this flag is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which the
- container's termination message will be written is mounted
- into the container's filesystem. Message written is intended
- to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes.
- The total message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should be
- populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default is
- false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices to
- be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw block
- device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the container
- that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write otherwise
- (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the container's
- volume should be mounted. Defaults to "" (volume's
- root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from which
- the container's volume should be mounted. Behaves
- similarly to SubPath but environment variable references
- $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr and SubPath
- are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- type: object
- containers:
- description: List of containers belonging to the pod. Containers
- cannot currently be added or removed. There must be at least
- one container in a Pod. Cannot be updated.
- items:
- description: A single application container that you want to
- run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable cannot
- be resolved, the reference in the input string will be
- unchanged. Double $$ are reduced to a single $, which
- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the
- container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are
- expanded using the previously defined environment
- variables in the container and any service environment
- variables. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env
- with a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a
- set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to
- each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after
- a container is created. If the handler fails, the
- container is terminated and restarted according to
- its restart policy. Other management of the container
- blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a
- container is terminated due to an API request or management
- event such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the
- Pod's termination grace period (unless delayed by
- finalizers). Other management of the container blocks
- until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that port
- from being exposed. Any port which is listening on the
- default "" address inside a container will be accessible
- from the network. Modifying this array with strategic
- merge patch may corrupt the data. For more information
- See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's
- IP address. This must be a valid port number, 0
- < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host.
- If specified, this must be a valid port number,
- 0 < x < 65536. If HostNetwork is specified, this
- must match ContainerPort. Most containers do not
- need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a
- pod must have a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP,
- or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in
- PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where
- this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent
- process. This bool directly controls if the no_new_privs
- flag will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that
- this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if
- it does. If unset or false, no such validation will
- be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name is
- windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod &
- container level, the container options override the
- pod options. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative to
- the kubelet's configured seccomp profile location.
- Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n
- Localhost - a profile defined in a file on the
- node should be used. RuntimeDefault - the container
- runtime default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the
- Pod. All of a Pod's containers must have the same
- effective HostProcess value (it is not allowed
- to have a mix of HostProcess containers and non-HostProcess
- containers). In addition, if HostProcess is true
- then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might
- take a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close
- the stdin channel after it has been opened by a single
- attach. When stdin is true the stdin stream will remain
- open across multiple attach sessions. If stdinOnce is
- set to true, stdin is opened on container start, is empty
- until the first client attaches to stdin, and then remains
- open and accepts data until the client disconnects, at
- which time stdin is closed and remains closed until the
- container is restarted. If this flag is false, a container
- processes that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which
- the container's termination message will be written is
- mounted into the container's filesystem. Message written
- is intended to be brief final status, such as an assertion
- failure message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across all containers
- will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should
- be populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default
- is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw
- block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the
- container that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the
- container's volume should be mounted. Defaults to
- "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from
- which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable
- references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might
- be configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses. This
- will be appended to the base nameservers generated from
- DNSPolicy. Duplicated nameservers will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This will be
- merged with the base options generated from DNSPolicy. Duplicated
- entries will be removed. Resolution options given in Options
- will override those that appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS resolver options
- of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for host-name lookup.
- This will be appended to the base search paths generated
- from DNSPolicy. Duplicated search paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig will
- be merged with the policy selected with DNSPolicy. To have DNS
- options set along with hostNetwork, you have to specify DNS
- policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment variables,
- matching the syntax of Docker links. Optional: Defaults to true."
- type: boolean
- hostAliases:
- description: HostAliases is an optional list of hosts and IPs
- that will be injected into the pod's hosts file if specified.
- This is only valid for non-hostNetwork pods.
- items:
- description: HostAlias holds the mapping between IP and hostnames
- that will be injected as an entry in the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: "Use the host's ipc namespace. Optional: Default
- to false."
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod. Use the host's
- network namespace. If this option is set, the ports that will
- be used must be specified. Default to false.
- type: boolean
- hostPID:
- description: "Use the host's pid namespace. Optional: Default
- to false."
- type: boolean
- hostUsers:
- description: "Use the host's user namespace. Optional: Default
- to true. If set to true or not present, the pod will be run
- in the host user namespace, useful for when the pod needs a
- feature only available to the host user namespace, such as loading
- a kernel module with CAP_SYS_MODULE. When set to false, a new
- userns is created for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users to run
- their containers as root without actually having root privileges
- on the host. This field is alpha-level and is only honored by
- servers that enable the UserNamespacesSupport feature."
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If not specified,
- the pod's hostname will be set to a system-defined value.
- type: string
- imagePullSecrets:
- description: "ImagePullSecrets is an optional list of references
- to secrets in the same namespace to use for pulling any of the
- images used by this PodSpec. If specified, these secrets will
- be passed to individual puller implementations for them to use.
- More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
- items:
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the same namespace.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: "List of initialization containers belonging to the
- pod. Init containers are executed in order prior to containers
- being started. If any init container fails, the pod is considered
- to have failed and is handled according to its restartPolicy.
- The name for an init container or normal container must be unique
- among all containers. Init containers may not have Lifecycle
- actions, Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken into
- account during scheduling by finding the highest request/limit
- for each resource type, and then using the max of of that value
- or the sum of the normal containers. Limits are applied to init
- containers in a similar fashion. Init containers cannot currently
- be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
- items:
- description: A single application container that you want to
- run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never be expanded,
- regardless of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed within a shell.
- The container image''s ENTRYPOINT is used if this is not
- provided. Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable cannot
- be resolved, the reference in the input string will be
- unchanged. Double $$ are reduced to a single $, which
- allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to set in the
- container. Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable. Must
- type: string
- value:
- description: 'Variable references $(VAR_NAME) are
- expanded using the previously defined environment
- variables in the container and any service environment
- variables. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Defaults to
- "".'
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in the
- pod's namespace
- properties:
- key:
- description: The key of the secret to select
- from. Must be a valid secret key.
- type: string
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: Specify whether the Secret or
- its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment variables
- in the container. The keys defined within a source must
- be a C_IDENTIFIER. All invalid keys will be reported as
- an event when the container is starting. When a key exists
- in multiple sources, the value associated with the last
- source will take precedence. Values defined by an Env
- with a duplicate key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the source of a
- set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the ConfigMap must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend to
- each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- optional:
- description: Specify whether the Secret must be
- defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management
- to default or override container images in workload controllers
- like Deployments and StatefulSets."
- type: string
- imagePullPolicy:
- description: "Image pull policy. One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
- type: string
- lifecycle:
- description: Actions that the management system should take
- in response to container lifecycle events. Cannot be updated.
- properties:
- postStart:
- description: "PostStart is called immediately after
- a container is created. If the handler fails, the
- container is terminated and restarted according to
- its restart policy. Other management of the container
- blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: "PreStop is called immediately before a
- container is terminated due to an API request or management
- event such as liveness/startup probe failure, preemption,
- resource contention, etc. The handler is not called
- if the container crashes or exits. The Pod's termination
- grace period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the handler,
- the container will eventually terminate within the
- Pod's termination grace period (unless delayed by
- finalizers). Other management of the container blocks
- until the hook completes or until the termination
- grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/') in
- the container's filesystem. The command is
- simply exec'd, it is not run inside a shell,
- so traditional shell instructions ('|', etc)
- won't work. To use a shell, you need to explicitly
- call out to that shell. Exit status of 0 is
- treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set "Host"
- in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: The header field name. This
- will be canonicalized upon output, so
- case-variant names will be understood
- as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to
- the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is NOT supported
- as a LifecycleHandler and kept for the backward
- compatibility. There are no validation of this
- field and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: "Optional: Host name to connect
- to, defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: "Periodic probe of container liveness. Container
- will be restarted if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that port
- from being exposed. Any port which is listening on the
- default "" address inside a container will be accessible
- from the network. Modifying this array with strategic
- merge patch may corrupt the data. For more information
- See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port in
- a single container.
- properties:
- containerPort:
- description: Number of port to expose on the pod's
- IP address. This must be a valid port number, 0
- < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external port
- to.
- type: string
- hostPort:
- description: Number of port to expose on the host.
- If specified, this must be a valid port number,
- 0 < x < 65536. If HostNetwork is specified, this
- must match ContainerPort. Most containers do not
- need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port in a
- pod must have a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be UDP, TCP,
- or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: "Periodic probe of container service readiness.
- Container will be removed from service endpoints if the
- probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: "Name of the resource to which this resource
- resize policy applies. Supported values: cpu, memory."
- type: string
- restartPolicy:
- description: Restart policy to apply when specified
- resource is resized. If not specified, it defaults
- to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- properties:
- claims:
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
- items:
- description: ResourceClaim references one entry in
- PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where
- this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of
- compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is omitted
- for a container, it defaults to Limits if that is
- explicitly specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- securityContext:
- description: "SecurityContext defines the security options
- the container should be run with. If set, the fields of
- SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
- properties:
- allowPrivilegeEscalation:
- description: "AllowPrivilegeEscalation controls whether
- a process can gain more privileges than its parent
- process. This bool directly controls if the no_new_privs
- flag will be set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run as Privileged
- 2) has CAP_SYS_ADMIN Note that this field cannot be
- set when spec.os.name is windows."
- type: boolean
- capabilities:
- description: The capabilities to add/drop when running
- containers. Defaults to the default set of capabilities
- granted by the container runtime. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged mode. Processes
- in privileged containers are essentially equivalent
- to root on the host. Defaults to false. Note that
- this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: procMount denotes the type of proc mount
- to use for the containers. The default is DefaultProcMount
- which uses the container runtime defaults for readonly
- paths and masked paths. This requires the ProcMountType
- feature flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that this
- field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as
- a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not run
- as UID 0 (root) and fail to start the container if
- it does. If unset or false, no such validation will
- be performed. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata
- if unspecified. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to the
- container. If unspecified, the container runtime will
- allocate a random SELinux context for each container. May
- also be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name is
- windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by this container.
- If seccomp options are provided at both the pod &
- container level, the container options override the
- pod options. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative to
- the kubelet's configured seccomp profile location.
- Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are: \n
- Localhost - a profile defined in a file on the
- node should be used. RuntimeDefault - the container
- runtime default profile should be used. Unconfined
- - no profile should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings applied to
- all containers. If unspecified, the options from the
- PodSecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec
- named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container. This
- field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the feature
- flag will result in errors when validating the
- Pod. All of a Pod's containers must have the same
- effective HostProcess value (it is not allowed
- to have a mix of HostProcess containers and non-HostProcess
- containers). In addition, if HostProcess is true
- then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: "StartupProbe indicates that the Pod has successfully
- initialized. If specified, no other probes are executed
- until this completes successfully. If this probe fails,
- the Pod will be restarted, just as if the livenessProbe
- failed. This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it might
- take a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: Command is the command line to execute
- inside the container, the working directory for
- the command is root ('/') in the container's
- filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you need
- to explicitly call out to that shell. Exit status
- of 0 is treated as live/healthy and non-zero is
- unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures for the probe
- to be considered failed after having succeeded. Defaults
- to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving a GRPC
- port.
- properties:
- port:
- description: Port number of the gRPC service. Number
- must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default behavior
- is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request to perform.
- properties:
- host:
- description: Host name to connect to, defaults to
- the pod IP. You probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom header
- to be used in HTTP probes
- properties:
- name:
- description: The header field name. This will
- be canonicalized upon output, so case-variant
- names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting to the
- host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes for the probe
- to be considered successful after having failed. Defaults
- to 1. Must be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: "Optional: Host name to connect to,
- defaults to the pod IP."
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port to access
- on the container. Number must be in the range
- 1 to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs
- to terminate gracefully upon probe failure. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. If this value is nil,
- the pod's terminationGracePeriodSeconds will be used.
- Otherwise, this value overrides the value provided
- by the pod spec. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). This is
- a beta field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: "Number of seconds after which the probe
- times out. Defaults to 1 second. Minimum value is
- 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate a buffer
- for stdin in the container runtime. If this is not set,
- reads from stdin in the container will always result in
- EOF. Default is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should close
- the stdin channel after it has been opened by a single
- attach. When stdin is true the stdin stream will remain
- open across multiple attach sessions. If stdinOnce is
- set to true, stdin is opened on container start, is empty
- until the first client attaches to stdin, and then remains
- open and accepts data until the client disconnects, at
- which time stdin is closed and remains closed until the
- container is restarted. If this flag is false, a container
- processes that reads from stdin will never receive an
- EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: "Optional: Path at which the file to which
- the container's termination message will be written is
- mounted into the container's filesystem. Message written
- is intended to be brief final status, such as an assertion
- failure message. Will be truncated by the node if greater
- than 4096 bytes. The total message length across all containers
- will be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated."
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message should
- be populated. File will use the contents of terminationMessagePath
- to populate the container status message on both success
- and failure. FallbackToLogsOnError will use the last chunk
- of container log output if the termination message file
- is empty and the container exited with an error. The log
- output is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate a TTY
- for itself, also requires 'stdin' to be true. Default
- is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a raw
- block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of the
- container that the device will be mapped to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a Volume
- within a container.
- properties:
- mountPath:
- description: Path within the container at which the
- volume should be mounted. Must not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines how mounts
- are propagated from the host to container and the
- other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from which the
- container's volume should be mounted. Defaults to
- "" (volume's root).
- type: string
- subPathExpr:
- description: Expanded path within the volume from
- which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable
- references $(VAR_NAME) are expanded using the container's
- environment. Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory. If not specified,
- the container runtime's default will be used, which might
- be configured in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this pod onto a
- specific node. If it is non-empty, the scheduler simply schedules
- this pod onto that node, assuming that it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: "NodeSelector is a selector which must be true for
- the pod to fit on a node. Selector which must match a node's
- labels for the pod to be scheduled on that node. More info:
- https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in the pod. Some
- pod and container fields are restricted if this is set. \n If
- the OS field is set to linux, the following fields must be unset:
- -securityContext.windowsOptions \n If the OS field is set to
- windows, following fields must be unset: - spec.hostPID - spec.hostIPC
- - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
- - spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: "Name is the name of the operating system. The
- currently supported values are linux and windows. Additional
- value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values and treat
- unrecognized values in this field as os: null"
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead associated
- with running a pod for a given RuntimeClass. This field will
- be autopopulated at admission time by the RuntimeClass admission
- controller. If the RuntimeClass admission controller is enabled,
- overhead must not be set in Pod create requests. The RuntimeClass
- admission controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured and
- selected in the PodSpec, Overhead will be set to the value defined
- in the corresponding RuntimeClass, otherwise it will remain
- unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting pods
- with lower priority. One of Never, PreemptLowerPriority. Defaults
- to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components use
- this field to find the priority of the pod. When Priority Admission
- Controller is enabled, it prevents users from setting this field.
- The admission controller populates this field from PriorityClassName.
- The higher the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority. "system-node-critical"
- and "system-cluster-critical" are two special keywords which
- indicate the highest priorities with the former being the highest
- priority. Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority will
- be default or zero if there is no default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will be evaluated
- for pod readiness. A pod is ready when all its containers are
- ready AND all conditions specified in the readiness gates have
- status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference to a pod
- condition
- properties:
- conditionType:
- description: ConditionType refers to a condition in the
- pod's condition list with matching type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- replicas:
- format: int32
- type: integer
- resourceClaims:
- description: "ResourceClaims defines which ResourceClaims must
- be allocated and reserved before the Pod is allowed to start.
- The resources will be made available to those containers which
- consume them by name. \n This is an alpha field and requires
- enabling the DynamicResourceAllocation feature gate. \n This
- field is immutable."
- items:
- description: PodResourceClaim references exactly one ResourceClaim
- through a ClaimSource. It adds a name to it that uniquely
- identifies the ResourceClaim inside the Pod. Containers that
- need access to the ResourceClaim reference it with this name.
- properties:
- name:
- description: Name uniquely identifies this resource claim
- inside the pod. This must be a DNS_LABEL.
- type: string
- source:
- description: Source describes where to find the ResourceClaim.
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of a ResourceClaim
- object in the same namespace as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the name
- of a ResourceClaimTemplate object in the same namespace
- as this pod. \n The template will be used to create
- a new ResourceClaim, which will be bound to this pod.
- When this pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim will be
- -, where
- is the PodResourceClaim.Name. Pod validation will
- reject the pod if the concatenated name is not valid
- for a ResourceClaim (e.g. too long). \n An existing
- ResourceClaim with that name that is not owned by
- the pod will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling and pod
- startup are then blocked until the unrelated ResourceClaim
- is removed. \n This field is immutable and no changes
- will be made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- restartPolicy:
- description: "Restart policy for all containers within the pod.
- One of Always, OnFailure, Never. In some contexts, only a subset
- of those values may be permitted. Default to Always. More info:
- https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass object
- in the node.k8s.io group, which should be used to run this pod. If
- no RuntimeClass resource matches the named class, the pod will
- not be run. If unset or empty, the "legacy" RuntimeClass will
- be used, which is an implicit class with an empty definition
- that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched by specified
- scheduler. If not specified, the pod will be dispatched by default
- scheduler.
- type: string
- schedulingGates:
- description: "SchedulingGates is an opaque list of values that
- if specified will block scheduling the pod. If schedulingGates
- is not empty, the pod will stay in the SchedulingGated state
- and the scheduler will not attempt to schedule the pod. \n SchedulingGates
- can only be set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
- items:
- description: PodSchedulingGate is associated to a Pod to guard
- its scheduling.
- properties:
- name:
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- securityContext:
- description: "SecurityContext holds pod-level security attributes
- and common container settings. Optional: Defaults to empty. See
- type description for default values of each field."
- properties:
- fsGroup:
- description: "A special supplemental group that applies to
- all containers in a pod. Some volume types allow the Kubelet
- to change the ownership of that volume to be owned by the
- pod: \n 1. The owning GID will be the FSGroup 2. The setgid
- bit is set (new files created in the volume will be owned
- by FSGroup) 3. The permission bits are OR'd with rw-rw----
- \n If unset, the Kubelet will not modify the ownership and
- permissions of any volume. Note that this field cannot be
- set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior of changing
- ownership and permission of the volume before being exposed
- inside Pod. This field will only apply to volume types which
- support fsGroup based ownership(and permissions). It will
- have no effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used. Note that
- this field cannot be set when spec.os.name is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of the container
- process. Uses runtime default if unset. May also be set
- in SecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must run as a non-root
- user. If true, the Kubelet will validate the image at runtime
- to ensure that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset or false, no
- such validation will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of the container
- process. Defaults to user specified in image metadata if
- unspecified. May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for that container.
- Note that this field cannot be set when spec.os.name is
- windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied to all containers.
- If unspecified, the container runtime will allocate a random
- SELinux context for each container. May also be set in
- SecurityContext. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot be set when
- spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that applies
- to the container.
- type: string
- role:
- description: Role is a SELinux role label that applies
- to the container.
- type: string
- type:
- description: Type is a SELinux type label that applies
- to the container.
- type: string
- user:
- description: User is a SELinux user label that applies
- to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set when spec.os.name
- is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a profile defined
- in a file on the node should be used. The profile must
- be preconfigured on the node to work. Must be a descending
- path, relative to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of seccomp profile
- will be applied. Valid options are: \n Localhost - a
- profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile
- should be used. Unconfined - no profile should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first process
- run in each container, in addition to the container's primary
- GID, the fsGroup (if specified), and group memberships defined
- in the container image for the uid of the container process.
- If unspecified, no additional groups are added to any container.
- Note that group memberships defined in the container image
- for the uid of the container process are still effective,
- even if they are not included in this list. Note that this
- field cannot be set when spec.os.name is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced sysctls used
- for the pod. Pods with unsupported sysctls (by the container
- runtime) might fail to launch. Note that this field cannot
- be set when spec.os.name is windows.
- items:
- description: Sysctl defines a kernel parameter to be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied to all
- containers. If unspecified, the options within a container's
- SecurityContext will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence. Note that this field cannot be set when
- spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the GMSA admission
- webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential spec named
- by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name of the
- GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container should
- be run as a 'Host Process' container. This field is
- alpha-level and will only be honored by components that
- enable the WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag will result
- in errors when validating the Pod. All of a Pod's containers
- must have the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition, if HostProcess
- is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run the entrypoint
- of the container process. Defaults to the user specified
- in image metadata if unspecified. May also be set in
- PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext
- takes precedence.
- type: string
- type: object
- type: object
- serviceAccountName:
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured as
- the pod's FQDN, rather than the leaf name (the default). In
- Linux containers, this means setting the FQDN in the hostname
- field of the kernel (the nodename field of struct utsname).
- In Windows containers, this means setting the registry value
- of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect. Default
- to false.
- type: boolean
- shareProcessNamespace:
- description: "Share a single process namespace between all of
- the containers in a pod. When this is set containers will be
- able to view and signal processes from other containers in the
- same pod, and the first process in each container will not be
- assigned PID 1. HostPID and ShareProcessNamespace cannot both
- be set. Optional: Default to false."
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod hostname will
- be "...svc.".
- If not specified, the pod will not have a domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod needs to terminate
- gracefully. May be decreased in delete request. Value must be
- non-negative integer. The value zero indicates stop immediately
- via the kill signal (no opportunity to shut down). If this value
- is nil, the default grace period will be used instead. The grace
- period is the duration in seconds after the processes running
- in the pod are sent a termination signal and the time when the
- processes are forcibly halted with a kill signal. Set this value
- longer than the expected cleanup time for your process. Defaults
- to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached to tolerates
- any taint that matches the triple using
- the matching operator .
- properties:
- effect:
- description: Effect indicates the taint effect to match.
- Empty means match all taint effects. When specified, allowed
- values are NoSchedule, PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration applies
- to. Empty means match all taint keys. If the key is empty,
- operator must be Exists; this combination means to match
- all values and all keys.
- type: string
- operator:
- description: Operator represents a key's relationship to
- the value. Valid operators are Exists and Equal. Defaults
- to Equal. Exists is equivalent to wildcard for value,
- so that a pod can tolerate all taints of a particular
- category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the period of
- time the toleration (which must be of effect NoExecute,
- otherwise this field is ignored) tolerates the taint.
- By default, it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative values will
- be treated as 0 (evict immediately) by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration matches
- to. If the operator is Exists, the value should be empty,
- otherwise just a regular string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how a group of
- pods ought to spread across topology domains. Scheduler will
- schedule pods in a way which abides by the constraints. All
- topologySpreadConstraints are ANDed.
- items:
- description: TopologySpreadConstraint specifies how to spread
- matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching pods.
- Pods that match this label selector are counted to determine
- the number of pods in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In,
- NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists
- or DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field
- is "key", the operator is "In", and the values array
- contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: "MatchLabelKeys is a set of pod label keys
- to select the pods over which spreading will be calculated.
- The keys are used to lookup values from the incoming pod
- labels, those key-value labels are ANDed with labelSelector
- to select the group of existing pods over which spreading
- will be calculated for the incoming pod. The same key
- is forbidden to exist in both MatchLabelKeys and LabelSelector.
- MatchLabelKeys cannot be set when LabelSelector isn't
- set. Keys that don't exist in the incoming pod labels
- will be ignored. A null or empty list means only match
- against labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature gate to
- be enabled (enabled by default)."
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: "MaxSkew describes the degree to which pods
- may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between the number
- of matching pods in the target topology and the global
- minimum. The global minimum is the minimum number of matching
- pods in an eligible domain or zero if the number of eligible
- domains is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the same labelSelector
- spread as 2/2/1: In this case, the global minimum is 1.
- | zone1 | zone2 | zone3 | | P P | P P | P | -
- if MaxSkew is 1, incoming pod can only be scheduled to
- zone3 to become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
- onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies that
- satisfy it. It's a required field. Default value is 1
- and 0 is not allowed."
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum number of eligible
- domains. When the number of eligible domains with matching
- topology keys is less than minDomains, Pod Topology Spread
- treats \"global minimum\" as 0, and then the calculation
- of Skew is performed. And when the number of eligible
- domains with matching topology keys equals or greater
- than minDomains, this value has no effect on scheduling.
- As a result, when the number of eligible domains is less
- than minDomains, scheduler won't schedule more than maxSkew
- Pods to those domains. If value is nil, the constraint
- behaves as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil, WhenUnsatisfiable
- must be DoNotSchedule. \n For example, in a 3-zone cluster,
- MaxSkew is set to 2, MinDomains is set to 5 and pods with
- the same labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number of domains
- is less than 5(MinDomains), so \"global minimum\" is treated
- as 0. In this situation, new pod with the same labelSelector
- cannot be scheduled, because computed skew will be 3(3
- - 0) if new Pod is scheduled to any of the three zones,
- it will violate MaxSkew. \n This is a beta field and requires
- the MinDomainsInPodTopologySpread feature gate to be enabled
- (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how we will treat
- Pod's nodeAffinity/nodeSelector when calculating pod topology
- spread skew. Options are: - Honor: only nodes matching
- nodeAffinity/nodeSelector are included in the calculations.
- - Ignore: nodeAffinity/nodeSelector are ignored. All nodes
- are included in the calculations. \n If this value is
- nil, the behavior is equivalent to the Honor policy. This
- is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how we will treat
- node taints when calculating pod topology spread skew.
- Options are: - Honor: nodes without taints, along with
- tainted nodes for which the incoming pod has a toleration,
- are included. - Ignore: node taints are ignored. All nodes
- are included. \n If this value is nil, the behavior is
- equivalent to the Ignore policy. This is a beta-level
- feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node labels. Nodes
- that have a label with this key and identical values are
- considered to be in the same topology. We consider each
- as a "bucket", and try to put balanced number
- of pods into each bucket. We define a domain as a particular
- instance of a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements of nodeAffinityPolicy
- and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
- each Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is a domain
- of that topology. It's a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how to deal with
- a pod if it doesn''t satisfy the spread constraint. -
- DoNotSchedule (default) tells the scheduler not to schedule
- it. - ScheduleAnyway tells the scheduler to schedule the
- pod in any location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint is considered
- "Unsatisfiable" for an incoming pod if and only if every
- possible node assignment for that pod would violate "MaxSkew"
- on some topology. For example, in a 3-zone cluster, MaxSkew
- is set to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule, incoming
- pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
- as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
- In other words, the cluster can still be imbalanced, but
- scheduler won''t make it *more* imbalanced. It''s a required
- field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
- items:
- description: Volume represents a named volume in a pod that
- may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: "awsElasticBlockStore represents an AWS Disk
- resource that is attached to a kubelet's host machine
- and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume
- that you want to mount. If omitted, the default is
- to mount by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can leave the
- property empty).'
- format: int32
- type: integer
- readOnly:
- description: "readOnly value true will force the readOnly
- setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: boolean
- volumeID:
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume). More info:
- https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data Disk mount
- on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: "cachingMode is the Host Caching mode:
- None, Read Only, Read Write."
- type: string
- diskName:
- description: diskName is the Name of the data disk in
- the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk in the
- blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to mount. Must
- be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- kind:
- description: "kind expected values are Shared: multiple
- blob disks per storage account Dedicated: single
- blob disk per storage account Managed: azure managed
- data disk (only in managed availability set). defaults
- to shared"
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File Service
- mount on the host and bind mount to the pod.
- properties:
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret that
- contains Azure Storage Account Name and Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on the host
- that shares a pod's lifetime
- properties:
- monitors:
- description: "monitors is Required: Monitors is a collection
- of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- items:
- type: string
- type: array
- path:
- description: "path is Optional: Used as the mounted
- root, rather than the full Ceph tree, default is /"
- type: string
- readOnly:
- description: "readOnly is Optional: Defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: boolean
- secretFile:
- description: "secretFile is Optional: SecretFile is
- the path to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- secretRef:
- description: "secretRef is Optional: SecretRef is reference
- to the authentication secret for User, default is
- empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is optional: User is the rados user
- name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: "cinder represents a cinder volume attached
- and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: boolean
- secretRef:
- description: "secretRef is optional: points to a secret
- object containing parameters used to connect to OpenStack."
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: "volumeID used to identify the volume in
- cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that should
- populate this volume
- properties:
- defaultMode:
- description: "defaultMode is optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: items if unspecified, each key-value pair
- in the Data field of the referenced ConfigMap will
- be projected into the volume as a file whose name
- is the key and content is the value. If specified,
- the listed keys will be projected into the specified
- paths, and unlisted keys will not be present. If a
- key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path within a
- volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits used
- to set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal values
- for mode bits. If not specified, the volume
- defaultMode will be used. This might be in conflict
- with other options that affect the file mode,
- like fsGroup, and the result can be other mode
- bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path of the
- file to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI driver that
- handles this volume. Consult with your admin for the
- correct name as registered in the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
- If not provided, the empty value is passed to the
- associated CSI driver which will determine the default
- filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference to
- the secret object containing sensitive information
- to pass to the CSI driver to complete the CSI NodePublishVolume
- and NodeUnpublishVolume calls. This field is optional,
- and may be empty if no secret is required. If the
- secret object contains more than one secret, all secret
- references are passed.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only configuration
- for the volume. Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver. Consult
- your driver's documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API about the
- pod that should populate this volume
- properties:
- defaultMode:
- description: "Optional: mode bits to use on created
- files by default. Must be a Optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume
- file
- items:
- description: DownwardAPIVolumeFile represents information
- to create the file containing the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field of the
- pod: only annotations, labels, name and namespace
- are supported."
- properties:
- apiVersion:
- description: Version of the schema the FieldPath
- is written in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to select in
- the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used to set
- permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. If not specified, the volume defaultMode
- will be used. This might be in conflict with
- other options that affect the file mode, like
- fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the relative
- path name of the file to be created. Must not
- be absolute or contain the '..' path. Must
- be utf-8 encoded. The first item of the relative
- path must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, requests.cpu and requests.memory)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required for
- volumes, optional for env vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format of
- the exposed resources, defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- properties:
- medium:
- description: 'medium represents what type of storage
- medium should back this directory. The default is
- "" which means to use the node''s default medium.
- Must be an empty string (default) or Memory. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: "sizeLimit is the total amount of local
- storage required for this EmptyDir volume. The size
- limit is also applicable for memory medium. The maximum
- usage on memory medium EmptyDir would be the minimum
- value between the SizeLimit specified here and the
- sum of memory limits of all containers in a pod. The
- default is nil which means that the limit is undefined.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume that is handled
- by a cluster storage driver. The volume's lifecycle is
- tied to the pod that defines it - it will be created before
- the pod starts, and deleted when the pod is removed. \n
- Use this if: a) the volume is only needed while the pod
- runs, b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the storage
- driver is specified through a storage class, and d) the
- storage driver supports dynamic volume provisioning through
- a PersistentVolumeClaim (see EphemeralVolumeSource for
- more information on the connection between this volume
- type and PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes that persist
- for longer than the lifecycle of an individual pod. \n
- Use CSI for light-weight local ephemeral volumes if the
- CSI driver is meant to be used that way - see the documentation
- of the driver for more information. \n A pod can use both
- types of ephemeral volumes and persistent volumes at the
- same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone PVC
- to provision the volume. The pod in which this EphemeralVolumeSource
- is embedded will be the owner of the PVC, i.e. the
- PVC will be deleted together with the pod. The name
- of the PVC will be `-` where
- `` is the name from the `PodSpec.Volumes`
- array entry. Pod validation will reject the pod if
- the concatenated name is not valid for a PVC (for
- example, too long). \n An existing PVC with that name
- that is not owned by the pod will *not* be used for
- the pod to avoid using an unrelated volume by mistake.
- Starting the pod is then blocked until the unrelated
- PVC is removed. If such a pre-created PVC is meant
- to be used by the pod, the PVC has to updated with
- an owner reference to the pod once the pod exists.
- Normally this should not be necessary, but it may
- be useful when manually reconstructing a broken cluster.
- \n This field is read-only and no changes will be
- made by Kubernetes to the PVC after it has been created.
- \n Required, must not be nil."
- properties:
- metadata:
- description: May contain labels and annotations
- that will be copied into the PVC when creating
- it. No other fields are allowed and will be rejected
- during validation.
- type: object
- spec:
- description: The specification for the PersistentVolumeClaim.
- The entire content is copied unchanged into the
- PVC that gets created from this template. The
- same fields as in a PersistentVolumeClaim are
- also valid here.
- properties:
- accessModes:
- description: "accessModes contains the desired
- access modes the volume should have. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
- items:
- type: string
- type: array
- dataSource:
- description: "dataSource field can be used to
- specify either: * An existing VolumeSnapshot
- object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external controller
- can support the specified data source, it
- will create a new volume based on the contents
- of the specified data source. When the AnyVolumeDataSource
- feature gate is enabled, dataSource contents
- will be copied to dataSourceRef, and dataSourceRef
- contents will be copied to dataSource when
- dataSourceRef.namespace is not specified.
- If the namespace is specified, then dataSourceRef
- will not be copied to dataSource."
- properties:
- apiGroup:
- description: APIGroup is the group for the
- resource being referenced. If APIGroup
- is not specified, the specified Kind must
- be in the core API group. For any other
- third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: "dataSourceRef specifies the object
- from which to populate the volume with data,
- if a non-empty volume is desired. This may
- be any object from a non-empty API group (non
- core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding
- will only succeed if the type of the specified
- object matches some installed volume populator
- or dynamic provisioner. This field will replace
- the functionality of the dataSource field
- and as such if both fields are non-empty,
- they must have the same value. For backwards
- compatibility, when namespace isn't specified
- in dataSourceRef, both fields (dataSource
- and dataSourceRef) will be set to the same
- value automatically if one of them is empty
- and the other is non-empty. When namespace
- is specified in dataSourceRef, dataSource
- isn't set to the same value and must be empty.
- There are three important differences between
- dataSource and dataSourceRef: * While dataSource
- only allows two specific types of objects,
- dataSourceRef allows any non-core object,
- as well as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed values
- (dropping them), dataSourceRef preserves all
- values, and generates an error if a disallowed
- value is specified. * While dataSource only
- allows local objects, dataSourceRef allows
- objects in any namespaces. (Beta) Using this
- field requires the AnyVolumeDataSource feature
- gate to be enabled. (Alpha) Using the namespace
- field of dataSourceRef requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled."
- properties:
- apiGroup:
- description: APIGroup is the group for the
- resource being referenced. If APIGroup
- is not specified, the specified Kind must
- be in the core API group. For any other
- third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- namespace:
- description: Namespace is the namespace
- of resource being referenced Note that
- when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept
- the reference. See the ReferenceGrant
- documentation for details. (Alpha) This
- field requires the CrossNamespaceVolumeDataSource
- feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: "resources represents the minimum
- resources the volume should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed to specify
- resource requirements that are lower than
- previous value but must still be higher than
- capacity recorded in the status field of the
- claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
- properties:
- claims:
- description: "Claims lists the names of
- resources, defined in spec.resourceClaims,
- that are used by this container. \n This
- is an alpha field and requires enabling
- the DynamicResourceAllocation feature
- gate. \n This field is immutable. It can
- only be set for containers."
- items:
- description: ResourceClaim references
- one entry in PodSpec.ResourceClaims.
- properties:
- name:
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required.
- If Requests is omitted for a container,
- it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
- type: object
- type: object
- selector:
- description: selector is a label query over
- volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: "storageClassName is the name of
- the StorageClass required by the claim. More
- info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
- type: string
- volumeMode:
- description: volumeMode defines what type of
- volume is required by the claim. Value of
- Filesystem is implied when not included in
- claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference
- to the PersistentVolume backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource that
- is attached to a kubelet's host machine and then exposed
- to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. TODO: how do we prevent
- errors in the filesystem from compromising the machine'
- type: string
- lun:
- description: "lun is Optional: FC target lun number"
- format: int32
- type: integer
- readOnly:
- description: "readOnly is Optional: Defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts."
- type: boolean
- targetWWNs:
- description: "targetWWNs is Optional: FC target worldwide
- names (WWNs)"
- items:
- type: string
- type: array
- wwids:
- description: "wwids Optional: FC volume world wide identifiers
- (wwids) Either wwids or combination of targetWWNs
- and lun must be set, but not both simultaneously."
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic volume resource
- that is provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver to use
- for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". The default filesystem
- depends on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: "options is Optional: this field holds
- extra command options if any."
- type: object
- readOnly:
- description: "readOnly is Optional: defaults to false
- (read/write). ReadOnly here will force the ReadOnly
- setting in VolumeMounts."
- type: boolean
- secretRef:
- description: "secretRef is Optional: secretRef is reference
- to the secret object containing sensitive information
- to pass to the plugin scripts. This may be empty if
- no secret object is specified. If the secret object
- contains more than one secret, all secrets are passed
- to the plugin scripts."
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume attached
- to a kubelet's host machine. This depends on the Flocker
- control service being running
- properties:
- datasetName:
- description: datasetName is Name of the dataset stored
- as metadata -> name on the dataset for Flocker should
- be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the dataset.
- This is unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: "gcePersistentDisk represents a GCE Disk resource
- that is attached to a kubelet's host machine and then
- exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- properties:
- fsType:
- description: 'fsType is filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- partition:
- description: 'partition is the partition in the volume
- that you want to mount. If omitted, the default is
- to mount by volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly, the volume
- partition for /dev/sda is "0" (or you can leave the
- property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: "pdName is unique name of the PD resource
- in GCE. Used to identify the disk in GCE. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: "gitRepo represents a git repository at a particular
- revision. DEPRECATED: GitRepo is deprecated. To provision
- a container with a git repo, mount an EmptyDir into an
- InitContainer that clones the repo using git, then mount
- the EmptyDir into the Pod's container."
- properties:
- directory:
- description: directory is the target directory name.
- Must not contain or start with '..'. If '.' is supplied,
- the volume directory will be the git repository. Otherwise,
- if specified, the volume will contain the git repository
- in the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for the specified
- revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: "glusterfs represents a Glusterfs mount on
- the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md"
- properties:
- endpoints:
- description: "endpoints is the endpoint name that details
- Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- path:
- description: "path is the Glusterfs volume path. More
- info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: string
- readOnly:
- description: "readOnly here will force the Glusterfs
- volume to be mounted with read-only permissions. Defaults
- to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: "hostPath represents a pre-existing file or
- directory on the host machine that is directly exposed
- to the container. This is generally used for system agents
- or other privileged things that are allowed to see the
- host machine. Most containers will NOT need this. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who can use host
- directory mounts and who can/can not mount host directories
- as read/write."
- properties:
- path:
- description: "path of the directory on the host. If
- the path is a symlink, it will follow the link to
- the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
- type: string
- type:
- description: 'type for HostPath Volume Defaults to ""
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: "iscsi represents an ISCSI Disk resource that
- is attached to a kubelet's host machine and then exposed
- to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether support
- iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether support
- iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom iSCSI Initiator
- Name. If initiatorName is specified with iscsiInterface
- simultaneously, new iSCSI interface : will be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface Name that
- uses an iSCSI transport. Defaults to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target Portal List.
- The portal is either an IP or ip_addr:port if the
- port is other than default (typically TCP ports 860
- and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the ReadOnly setting
- in VolumeMounts. Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for iSCSI
- target and initiator authentication
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target Portal. The
- Portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and
- 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: "name of the volume. Must be a DNS_LABEL and
- unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- nfs:
- description: "nfs represents an NFS mount on the host that
- shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- properties:
- path:
- description: "path that is exported by the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- readOnly:
- description: "readOnly here will force the NFS export
- to be mounted with read-only permissions. Defaults
- to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: boolean
- server:
- description: "server is the hostname or IP address of
- the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: "persistentVolumeClaimVolumeSource represents
- a reference to a PersistentVolumeClaim in the same namespace.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- properties:
- claimName:
- description: "claimName is the name of a PersistentVolumeClaim
- in the same namespace as the pod using this volume.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly setting
- in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies Photon Controller
- persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: fSType represents the filesystem type to
- mount Must be a filesystem type supported by the host
- operating system. Ex. "ext4", "xfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a Portworx
- volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources secrets,
- configmaps, and downward API
- properties:
- defaultMode:
- description: defaultMode are the mode bits used to set
- permissions on created files by default. Must be an
- octal value between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode bits.
- Directories within the path are not affected by this
- setting. This might be in conflict with other options
- that affect the file mode, like fsGroup, and the result
- can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected along
- with other supported volume types
- properties:
- configMap:
- description: configMap information about the configMap
- data to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced
- ConfigMap will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the ConfigMap, the volume setup will
- error unless it is marked optional. Paths
- must be relative and may not contain the
- '..' path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional specify whether the
- ConfigMap or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about the
- downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: "Required: Selects a field
- of the pod: only annotations, labels,
- name and namespace are supported."
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in terms
- of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field to
- select in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and
- 0777 or a decimal value between 0
- and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode,
- like fsGroup, and the result can be
- other mode bits set."
- format: int32
- type: integer
- path:
- description: "Required: Path is the
- relative path name of the file to
- be created. Must not be absolute or
- contain the '..' path. Must be utf-8
- encoded. The first item of the relative
- path must not start with '..'"
- type: string
- resourceFieldRef:
- description: "Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory)
- are currently supported."
- properties:
- containerName:
- description: "Container name: required
- for volumes, optional for env
- vars"
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: "Required: resource
- to select"
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about the secret
- data to project
- properties:
- items:
- description: items if unspecified, each key-value
- pair in the Data field of the referenced
- Secret will be projected into the volume
- as a file whose name is the key and content
- is the value. If specified, the listed keys
- will be projected into the specified paths,
- and unlisted keys will not be present. If
- a key is specified which is not present
- in the Secret, the volume setup will error
- unless it is marked optional. Paths must
- be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode
- bits used to set permissions on this
- file. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal
- and decimal values, JSON requires
- decimal values for mode bits. If not
- specified, the volume defaultMode
- will be used. This might be in conflict
- with other options that affect the
- file mode, like fsGroup, and the result
- can be other mode bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path
- of the file to map the key to. May
- not be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
- type: string
- optional:
- description: optional field specify whether
- the Secret or its key must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to project
- properties:
- audience:
- description: audience is the intended audience
- of the token. A recipient of a token must
- identify itself with an identifier specified
- in the audience of the token, and otherwise
- should reject the token. The audience defaults
- to the identifier of the apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds is the requested
- duration of validity of the service account
- token. As the token approaches expiration,
- the kubelet volume plugin will proactively
- rotate the service account token. The kubelet
- will start trying to rotate the token if
- the token is older than 80 percent of its
- time to live or if the token is older than
- 24 hours.Defaults to 1 hour and must be
- at least 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path relative to
- the mount point of the file to project the
- token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount on the host
- that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access to Default is
- no group
- type: string
- readOnly:
- description: readOnly here will force the Quobyte volume
- to be mounted with read-only permissions. Defaults
- to false.
- type: boolean
- registry:
- description: registry represents a single or multiple
- Quobyte Registry services specified as a string as
- host:port pair (multiple entries are separated with
- commas) which acts as the central registry for volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte volume
- in the Backend Used with dynamically provisioned Quobyte
- volumes, value is set by the plugin
- type: string
- user:
- description: user to map volume access to Defaults to
- serivceaccount user
- type: string
- volume:
- description: volume is a string that references an already
- created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: "rbd represents a Rados Block Device mount
- on the host that shares a pod's lifetime. More info:
- https://examples.k8s.io/volumes/rbd/README.md"
- properties:
- fsType:
- description: 'fsType is the filesystem type of the volume
- that you want to mount. Tip: Ensure that the filesystem
- type is supported by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from
- compromising the machine'
- type: string
- image:
- description: "image is the rados image name. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- keyring:
- description: "keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- monitors:
- description: "monitors is a collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- items:
- type: string
- type: array
- pool:
- description: "pool is the rados pool name. Default is
- rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- readOnly:
- description: "readOnly here will force the ReadOnly
- setting in VolumeMounts. Defaults to false. More info:
- https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: boolean
- secretRef:
- description: "secretRef is name of the authentication
- secret for RBDUser. If provided overrides keyring.
- Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: "user is the rados user name. Default is
- admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of the ScaleIO
- API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of the ScaleIO
- Protection Domain for the configured storage.
- type: string
- readOnly:
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the secret for
- ScaleIO user and other sensitive information. If this
- is not provided, Login operation will fail.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable SSL communication
- with Gateway, default false
- type: boolean
- storageMode:
- description: storageMode indicates whether the storage
- for a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage Pool
- associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a volume already
- created in the ScaleIO system that is associated with
- this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: "secret represents a secret that should populate
- this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- properties:
- defaultMode:
- description: "defaultMode is Optional: mode bits used
- to set permissions on created files by default. Must
- be an octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within the path
- are not affected by this setting. This might be in
- conflict with other options that affect the file mode,
- like fsGroup, and the result can be other mode bits
- set."
- format: int32
- type: integer
- items:
- description: items If unspecified, each key-value pair
- in the Data field of the referenced Secret will be
- projected into the volume as a file whose name is
- the key and content is the value. If specified, the
- listed keys will be projected into the specified paths,
- and unlisted keys will not be present. If a key is
- specified which is not present in the Secret, the
- volume setup will error unless it is marked optional.
- Paths must be relative and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key to a path within a
- volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: "mode is Optional: mode bits used
- to set permissions on this file. Must be an
- octal value between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal values
- for mode bits. If not specified, the volume
- defaultMode will be used. This might be in conflict
- with other options that affect the file mode,
- like fsGroup, and the result can be other mode
- bits set."
- format: int32
- type: integer
- path:
- description: path is the relative path of the
- file to map the key to. May not be an absolute
- path. May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether the Secret
- or its keys must be defined
- type: boolean
- secretName:
- description: "secretName is the name of the secret in
- the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume attached
- and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret to use for
- obtaining the StorageOS API credentials. If not specified,
- default values will be attempted.
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable name of
- the StorageOS volume. Volume names are only unique
- within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the scope of
- the volume within StorageOS. If no namespace is specified
- then the Pod's namespace will be used. This allows
- the Kubernetes name scoping to be mirrored within
- StorageOS for tighter integration. Set VolumeName
- to any name to override the default behaviour. Set
- to "default" if you are not using namespaces within
- StorageOS. Namespaces that do not pre-exist within
- StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere volume attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is filesystem type to mount. Must
- be a filesystem type supported by the host operating
- system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage Policy Based
- Management (SPBM) profile ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage Policy
- Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- type: object
- resources:
- description: Resources workflow resources that are linked to this
- workflow definition. For example, a collection of OpenAPI specification
- files.
- properties:
- configMaps:
- items:
- description: ConfigMapWorkflowResource ConfigMap local reference
- holding one or more workflow resources, such as OpenAPI files
- that will be mounted in the workflow application.
- properties:
- configMap:
- description: ConfigMap the given configMap name in the same
- workflow context to find the resource
- properties:
- name:
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
- type: string
- type: object
- x-kubernetes-map-type: atomic
- workflowPath:
- description: WorkflowPath path relative to the workflow
- application root file system within the pod (//src/main/resources). Starting trailing slashes will
- be removed.
- type: string
- required:
- - configMap
- type: object
- type: array
- type: object
- sink:
- description: Sink describes the sinkBinding details of this SonataFlow
- instance.
- properties:
- CACerts:
- description: CACerts are Certification Authority (CA) certificates
- in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
- If set, these CAs are appended to the set of CAs provided by
- the Addressable target, if any.
- type: string
- ref:
- description: Ref points to an Addressable.
- properties:
- address:
- description: Address points to a specific Address Name.
- type: string
- apiVersion:
- description: API version of the referent.
- type: string
- group:
- description: "Group of the API, without the version of the
- group. This can be used as an alternative to the APIVersion,
- and then resolved using ResolveGroup. Note: This API is
- EXPERIMENTAL and might break anytime. For more details:
- https://github.com/knative/eventing/issues/5086"
- type: string
- kind:
- description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
- type: string
- name:
- description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
- type: string
- namespace:
- description:
- "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
- This is optional field, it gets defaulted to the object
- holding it if left out."
- type: string
- required:
- - kind
- - name
- type: object
- uri:
- description: URI can be an absolute URL(non-empty scheme and non-empty
- host) pointing to the target or a relative URI. Relative URIs
- will be resolved using the base URI retrieved from Ref.
- type: string
- type: object
- required:
- - flow
- type: object
- status:
- description: SonataFlowStatus defines the observed state of SonataFlow
- properties:
- address:
- description: Address is used as a part of Addressable interface (status.address.url)
- for knative
- properties:
- CACerts:
- description: CACerts is the Certification Authority (CA) certificates
- in PEM format according to https://www.rfc-editor.org/rfc/rfc7468.
- type: string
- name:
- description: Name is the name of the address.
- type: string
- url:
- type: string
- type: object
- conditions:
- description: The latest available observations of a resource's current
- state.
- items:
- description: Condition describes the common structure for conditions
- in our types
- properties:
- lastUpdateTime:
- description: The last time this condition was updated.
- format: date-time
- type: string
- message:
- description: A human-readable message indicating details about
- the transition.
- type: string
- reason:
- description: The reason for the condition's last transition.
- type: string
- status:
- description: Status of the condition, one of True, False, Unknown.
- type: string
- type:
- description: Type condition for the given object
- type: string
- required:
- - status
- - type
- type: object
- type: array
- endpoint:
- description: Endpoint is an externally accessible URL of the workflow
- type: string
- lastTimeRecoverAttempt:
- format: date-time
- type: string
- observedGeneration:
- description: The generation observed by the deployment controller.
- format: int64
- type: integer
- recoverFailureAttempts:
- description: keeps track of how many failure recovers a given workflow
- had so far
- type: integer
- services:
- description: Services displays which platform services are being used
- by this workflow
- properties:
- dataIndexRef:
- description: DataIndexRef displays information on the cluster-wide
- Data Index service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- jobServiceRef:
- description: JobServiceRef displays information on the cluster-wide
- Job Service
- properties:
- url:
- description: Url displays the base url of the service
- type: string
- type: object
- type: object
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
diff --git a/packages/sonataflow-operator/config/crd/kustomization.yaml b/packages/sonataflow-operator/config/crd/kustomization.yaml
index 05236be9636..0e5ea5df26a 100644
--- a/packages/sonataflow-operator/config/crd/kustomization.yaml
+++ b/packages/sonataflow-operator/config/crd/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
diff --git a/packages/sonataflow-operator/config/crd/kustomizeconfig.yaml b/packages/sonataflow-operator/config/crd/kustomizeconfig.yaml
index a8064f7d643..ba9fbc511b1 100644
--- a/packages/sonataflow-operator/config/crd/kustomizeconfig.yaml
+++ b/packages/sonataflow-operator/config/crd/kustomizeconfig.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
diff --git a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowbuilds.yaml b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowbuilds.yaml
index 1ab7b19e09f..de189658c64 100644
--- a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowbuilds.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowbuilds.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowclusterplatforms.yaml b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowclusterplatforms.yaml
index 64972e86dae..4c7092f3dab 100644
--- a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowclusterplatforms.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowclusterplatforms.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowplatforms.yaml b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowplatforms.yaml
index c8fa2b1f71e..61b0f84649e 100644
--- a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowplatforms.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflowplatforms.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflows.yaml b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflows.yaml
index 571864a6b14..d3870e1cea6 100644
--- a/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflows.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/cainjection_in_sonataflows.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowbuilds.yaml b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowbuilds.yaml
index 38d25e0c9e8..f8a190fd71c 100644
--- a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowbuilds.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowbuilds.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowclusterplatforms.yaml b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowclusterplatforms.yaml
index 7e1caf3e1d4..4cbda4bb746 100644
--- a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowclusterplatforms.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowclusterplatforms.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowplatforms.yaml b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowplatforms.yaml
index b1b82bdea9e..f805d597bff 100644
--- a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowplatforms.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflowplatforms.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflows.yaml b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflows.yaml
index 1eddbd8de0c..ce6cf83ff3b 100644
--- a/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflows.yaml
+++ b/packages/sonataflow-operator/config/crd/patches/webhook_in_sonataflows.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/default/controllers_config_patch.yaml b/packages/sonataflow-operator/config/default/controllers_config_patch.yaml
index 6bcee472be8..00a2b5c23cb 100644
--- a/packages/sonataflow-operator/config/default/controllers_config_patch.yaml
+++ b/packages/sonataflow-operator/config/default/controllers_config_patch.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: apps/v1
kind: Deployment
@@ -31,7 +29,6 @@ spec:
- name: controllers-config
mountPath: /config/controllers_cfg.yaml
subPath: controllers_cfg.yaml
- imagePullPolicy: IfNotPresent
- name: controllers-config
diff --git a/packages/sonataflow-operator/config/default/kustomization.yaml b/packages/sonataflow-operator/config/default/kustomization.yaml
index fb29a81f184..a37d8452040 100644
--- a/packages/sonataflow-operator/config/default/kustomization.yaml
+++ b/packages/sonataflow-operator/config/default/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Adds namespace to all resources.
namespace: sonataflow-operator-system
@@ -31,10 +29,6 @@ namePrefix: sonataflow-operator-
# someName: someValue
- - ../crd
- - ../rbac
- - ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- ../webhook
@@ -43,18 +37,15 @@ bases:
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
- # Protect the /metrics endpoint by putting it behind auth.
- # If you want your controller-manager to expose the /metrics
- # endpoint w/o any authn/z, please comment the following line.
- - manager_auth_proxy_patch.yaml
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
- # Mount the controller config file for loading manager configurations
- # through a ComponentConfig type
- #- manager_config_patch.yaml
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
- # Mount the custom controllers config
- - controllers_config_patch.yaml
+# Mount the custom controllers config
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
@@ -66,31 +57,12 @@ patchesStrategicMerge:
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-# objref:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-# fieldref:
-# fieldpath: metadata.namespace
-# objref:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # this name should match the one in certificate.yaml
-#- name: SERVICE_NAMESPACE # namespace of the service
-# objref:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldref:
-# fieldpath: metadata.namespace
-#- name: SERVICE_NAME
-# objref:
-# kind: Service
-# version: v1
-# name: webhook-service
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+ - ../crd
+ - ../rbac
+ - ../manager
+ - path: manager_auth_proxy_patch.yaml
+ - path: controllers_config_patch.yaml
diff --git a/packages/sonataflow-operator/config/default/manager_auth_proxy_patch.yaml b/packages/sonataflow-operator/config/default/manager_auth_proxy_patch.yaml
index 382be8346ed..45c9e537670 100644
--- a/packages/sonataflow-operator/config/default/manager_auth_proxy_patch.yaml
+++ b/packages/sonataflow-operator/config/default/manager_auth_proxy_patch.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
@@ -29,7 +27,7 @@ spec:
- name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
- "--secure-listen-address="
- "--upstream="
diff --git a/packages/sonataflow-operator/config/default/manager_config_patch.yaml b/packages/sonataflow-operator/config/default/manager_config_patch.yaml
index 904c4257766..24904fa050c 100644
--- a/packages/sonataflow-operator/config/default/manager_config_patch.yaml
+++ b/packages/sonataflow-operator/config/default/manager_config_patch.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: apps/v1
kind: Deployment
@@ -33,7 +31,6 @@ spec:
- name: manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
- imagePullPolicy: IfNotPresent
- name: manager-config
diff --git a/packages/sonataflow-operator/config/manager/SonataFlow-Builder.containerfile b/packages/sonataflow-operator/config/manager/SonataFlow-Builder.containerfile
index 5a6b1df39ae..892d1bdca12 100644
--- a/packages/sonataflow-operator/config/manager/SonataFlow-Builder.containerfile
+++ b/packages/sonataflow-operator/config/manager/SonataFlow-Builder.containerfile
@@ -1,22 +1,4 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder
-# This image name and tag is auto-replaced using environment variables during install, don't touch.
# variables that can be overridden by the builder
# To add a Quarkus extension to your application
@@ -30,14 +12,14 @@ ARG MAVEN_ARGS_APPEND
COPY --chown=1001 . ./resources
RUN /home/kogito/launch/build-app.sh ./resources
# Runtime Run
FROM registry.access.redhat.com/ubi9/openjdk-17-runtime:latest
# We make four distinct layers so if there are application changes the library layers can be re-used
COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/lib/ /deployments/lib/
COPY --from=builder --chown=185 /home/kogito/serverless-workflow-project/target/quarkus-app/*.jar /deployments/
diff --git a/packages/sonataflow-operator/config/manager/controller_manager_config.yaml b/packages/sonataflow-operator/config/manager/controller_manager_config.yaml
index 869f5e3f7df..e980554b652 100644
--- a/packages/sonataflow-operator/config/manager/controller_manager_config.yaml
+++ b/packages/sonataflow-operator/config/manager/controller_manager_config.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
diff --git a/packages/sonataflow-operator/config/manager/controllers_cfg.yaml b/packages/sonataflow-operator/config/manager/controllers_cfg.yaml
index b81bca7f69e..f8abea9db6a 100644
--- a/packages/sonataflow-operator/config/manager/controllers_cfg.yaml
+++ b/packages/sonataflow-operator/config/manager/controllers_cfg.yaml
@@ -25,11 +25,11 @@ kanikoDefaultWarmerImageTag: gcr.io/kaniko-project/warmer:v1.9.0
# Default image used internally by the Operator Managed Kaniko builder to create the executor pods
kanikoExecutorImageTag: gcr.io/kaniko-project/executor:v1.9.0
# The Jobs Service image to use, if empty the operator will use the default Apache Community one based on the current operator's version
-jobsServicePostgreSQLImageTag: ""
-jobsServiceEphemeralImageTag: ""
+jobsServicePostgreSQLImageTag: "docker.io/apache/incubator-kie-kogito-jobs-service-postgresql:main"
+jobsServiceEphemeralImageTag: "docker.io/apache/incubator-kie-kogito-jobs-service-ephemeral:main"
# The Data Index image to use, if empty the operator will use the default Apache Community one based on the current operator's version
-dataIndexPostgreSQLImageTag: ""
-dataIndexEphemeralImageTag: ""
+dataIndexPostgreSQLImageTag: "docker.io/apache/incubator-kie-kogito-data-index-postgresql:main"
+dataIndexEphemeralImageTag: "docker.io/apache/incubator-kie-kogito-data-index-ephemeral:main"
# SonataFlow base builder image used in the internal Dockerfile to build workflow applications in preview profile
# Order of precedence is:
# 1. SonataFlowPlatform in the given namespace
@@ -37,9 +37,29 @@ dataIndexEphemeralImageTag: ""
# 3. The FROM in the Dockerfile in the operator's namespace "sonataflow-operator-builder-config" configMap.
# If 1 or 2, the FROM tag will be replaced by the tag se there.
# If empty the operator will use the default Apache Community one based on the current operator's version.
-sonataFlowBaseBuilderImageTag: ""
+sonataFlowBaseBuilderImageTag: "docker.io/apache/incubator-kie-sonataflow-builder:main"
# The image to use to deploy SonataFlow workflow images in devmode profile.
# If empty the operator will use the default Apache Community one based on the current operator's version.
-sonataFlowDevModeImageTag: ""
+sonataFlowDevModeImageTag: "docker.io/apache/incubator-kie-sonataflow-devmode:main"
# The default name of the builder configMap in the operator's namespace
builderConfigMapName: "sonataflow-operator-builder-config"
+# Quarkus extensions required for workflows persistence. These extensions are used by the SonataFlow build system,
+# in cases where the workflow being built has configured postgresql persistence.
+ - groupId: io.quarkus
+ artifactId: quarkus-jdbc-postgresql
+ version: 3.8.6
+ - groupId: io.quarkus
+ artifactId: quarkus-agroal
+ version: 3.8.6
+ - groupId: org.kie
+ artifactId: kie-addons-quarkus-persistence-jdbc
+ version: 999-20241016-SNAPSHOT
+# If true, the workflow deployments will be configured to send accumulated workflow status change events to the Data
+# Index Service reducing the number of produced events. Set to false to send individual events.
+kogitoEventsGrouping: true
+# If true, the accumulated workflow status change events will be sent in binary mode. (reduces the evens size)
+kogitoEventsGroupingBinary: true
+# If true, the accumulated workflow status change events, when sent in binary mode, will be gzipped at the cost of
+# some performance.
+kogitoEventsGroupingCompress: false
diff --git a/packages/sonataflow-operator/config/manager/kustomization.yaml b/packages/sonataflow-operator/config/manager/kustomization.yaml
index 3bc4f52c6a9..0c430ec01b1 100644
--- a/packages/sonataflow-operator/config/manager/kustomization.yaml
+++ b/packages/sonataflow-operator/config/manager/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- manager.yaml
@@ -43,7 +41,7 @@ images:
newName: docker.io/apache/incubator-kie-sonataflow-operator
newTag: main
# Patching the manager deployment file to add an env var with the operator namespace in
- patch: |-
- op: add
path: /spec/template/spec/containers/0/env
diff --git a/packages/sonataflow-operator/config/manager/manager.yaml b/packages/sonataflow-operator/config/manager/manager.yaml
index e6c63a45d7b..fa3870754d2 100644
--- a/packages/sonataflow-operator/config/manager/manager.yaml
+++ b/packages/sonataflow-operator/config/manager/manager.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: v1
kind: Namespace
@@ -31,6 +29,7 @@ metadata:
namespace: system
control-plane: sonataflow-operator
+ app.kubernetes.io/name: sonataflow-operator
@@ -74,9 +73,9 @@ spec:
cpu: 500m
- memory: 128Mi
+ memory: 500Mi
- cpu: 10m
- memory: 64Mi
+ cpu: 100m
+ memory: 200Mi
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
diff --git a/packages/sonataflow-operator/config/manifests/bases/sonataflow-operator.clusterserviceversion.yaml b/packages/sonataflow-operator/config/manifests/bases/sonataflow-operator.clusterserviceversion.yaml
index 7357896e7dd..43e9be99748 100644
--- a/packages/sonataflow-operator/config/manifests/bases/sonataflow-operator.clusterserviceversion.yaml
+++ b/packages/sonataflow-operator/config/manifests/bases/sonataflow-operator.clusterserviceversion.yaml
@@ -27,7 +27,7 @@ metadata:
based on the CNCF Serverless Workflow specification
operators.operatorframework.io/internal-objects: '["sonataflowbuilds.sonataflow.org"]'
repository: https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator
- support: Red Hat
+ support: Apache KIE
name: sonataflow-operator.v0.0.0
namespace: placeholder
@@ -36,7 +36,7 @@ spec:
- description: SonataFlowBuild is an internal custom resource to control workflow
build instances in the target platform
- displayName: Sonata Flow Build
+ displayName: SonataFlowBuild
kind: SonataFlowBuild
name: sonataflowbuilds.sonataflow.org
@@ -83,7 +83,7 @@ spec:
version: v1alpha08
- description: SonataFlowClusterPlatform is the Schema for the sonataflowclusterplatforms
- displayName: Sonata Flow Cluster Platform
+ displayName: SonataFlowClusterPlatform
kind: SonataFlowClusterPlatform
name: sonataflowclusterplatforms.sonataflow.org
@@ -112,7 +112,7 @@ spec:
version: v1alpha08
- description: SonataFlowPlatform is the descriptor for the workflow platform
- displayName: Sonata Flow Platform
+ displayName: SonataFlowPlatform
kind: SonataFlowPlatform
name: sonataflowplatforms.sonataflow.org
@@ -149,6 +149,11 @@ spec:
no build required)
displayName: DevMode
path: devMode
+ - description: Broker to communicate with workflow deployment. It can be the
+ default broker when the workflow, Dataindex, or Jobservice does not have
+ a sink or source specified.
+ displayName: broker
+ path: eventing.broker
- description: "Services attributes for deploying supporting applications like
Data Index & Job Service. Only workflows without the `sonataflow.org/profile:
dev` annotation will be configured to use these service(s). Setting this
@@ -173,22 +178,28 @@ spec:
displayName: clusterPlatformRef
path: clusterPlatformRef
- - description: Info generic information related to the build
+ - description: Info generic information related to the Platform
displayName: info
path: info
+ - description: Triggers list of triggers created for the SonataFlowPlatform
+ displayName: triggers
+ path: triggers
- description: Version the operator version controlling this Platform
displayName: version
path: version
version: v1alpha08
- description: SonataFlow is the descriptor representation for a workflow application
based on the CNCF Serverless Workflow specification.
- displayName: Sonata Flow
+ displayName: SonataFlow
kind: SonataFlow
name: sonataflows.sonataflow.org
- kind: Deployment
name: A Deployment for the Flow
version: apps/v1
+ - kind: Service
+ name: A Knative Serving Service for the Flow
+ version: serving.knative.dev/v1
- kind: Service
name: A Service for the Flow
version: v1
@@ -216,6 +227,10 @@ spec:
- description: Sink describes the sinkBinding details of this SonataFlow instance.
displayName: sink
path: sink
+ - description: Sources describes the list of sources used to create triggers
+ for events consumed by this SonataFlow instance.
+ displayName: sources
+ path: sources
- description: Address is used as a part of Addressable interface (status.address.url)
for knative
@@ -224,8 +239,13 @@ spec:
- description: Endpoint is an externally accessible URL of the workflow
displayName: endpoint
path: endpoint
+ - displayName: flowRevision
+ path: flowCRC
- displayName: lastTimeRecoverAttempt
path: lastTimeRecoverAttempt
+ - description: Platform displays which platform is being used by this workflow
+ displayName: platform
+ path: platform
- description: keeps track of how many failure recovers a given workflow had
so far
displayName: recoverFailureAttempts
@@ -234,6 +254,9 @@ spec:
displayName: services
path: services
+ - description: Triggers list of triggers created for the SonataFlow
+ displayName: triggers
+ path: triggers
version: v1alpha08
description: |-
SonataFlow Kubernetes Operator for deploying workflow applications
@@ -264,10 +287,10 @@ spec:
- name: Product Page
url: https://sonataflow.org/serverlessworkflow/latest/index.html
- - email: bsig-cloud@redhat.com
- name: Red Hat
+ - email: dev@kie.apache.org
+ name: Apache KIE
maturity: alpha
minKubeVersion: 1.23.0
- name: Red Hat
+ name: Apache KIE
version: 0.0.0
diff --git a/packages/sonataflow-operator/config/manifests/kustomization.yaml b/packages/sonataflow-operator/config/manifests/kustomization.yaml
index 2ce4a69188f..e5af175b5ce 100644
--- a/packages/sonataflow-operator/config/manifests/kustomization.yaml
+++ b/packages/sonataflow-operator/config/manifests/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle.
@@ -27,7 +25,7 @@ resources:
# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix.
# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager.
# These patches remove the unnecessary "cert" volume and its manager container volumeMount.
#- target:
# group: apps
# version: v1
diff --git a/packages/sonataflow-operator/config/prometheus/kustomization.yaml b/packages/sonataflow-operator/config/prometheus/kustomization.yaml
index 230f13a0b42..580badef727 100644
--- a/packages/sonataflow-operator/config/prometheus/kustomization.yaml
+++ b/packages/sonataflow-operator/config/prometheus/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- monitor.yaml
diff --git a/packages/sonataflow-operator/config/prometheus/monitor.yaml b/packages/sonataflow-operator/config/prometheus/monitor.yaml
index 03dffb7163e..472617f9e29 100644
--- a/packages/sonataflow-operator/config/prometheus/monitor.yaml
+++ b/packages/sonataflow-operator/config/prometheus/monitor.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
diff --git a/packages/sonataflow-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/packages/sonataflow-operator/config/rbac/auth_proxy_client_clusterrole.yaml
index 3c02823ef56..d9e12e6a7b0 100644
--- a/packages/sonataflow-operator/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/packages/sonataflow-operator/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
diff --git a/packages/sonataflow-operator/config/rbac/auth_proxy_role.yaml b/packages/sonataflow-operator/config/rbac/auth_proxy_role.yaml
index cb9d8fedd2b..42f1a18cacc 100644
--- a/packages/sonataflow-operator/config/rbac/auth_proxy_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/auth_proxy_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
diff --git a/packages/sonataflow-operator/config/rbac/auth_proxy_role_binding.yaml b/packages/sonataflow-operator/config/rbac/auth_proxy_role_binding.yaml
index 17e4c11a5d8..1d170e0a852 100644
--- a/packages/sonataflow-operator/config/rbac/auth_proxy_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/auth_proxy_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/packages/sonataflow-operator/config/rbac/auth_proxy_service.yaml b/packages/sonataflow-operator/config/rbac/auth_proxy_service.yaml
index 54f3b68dbde..be8c20ae599 100644
--- a/packages/sonataflow-operator/config/rbac/auth_proxy_service.yaml
+++ b/packages/sonataflow-operator/config/rbac/auth_proxy_service.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: v1
kind: Service
diff --git a/packages/sonataflow-operator/config/rbac/builder_role.yaml b/packages/sonataflow-operator/config/rbac/builder_role.yaml
index a71614f856c..128a3735556 100644
--- a/packages/sonataflow-operator/config/rbac/builder_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/builder_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
@@ -85,33 +83,3 @@ rules:
- patch
- update
- watch
- - apiGroups:
- - eventing.knative.dev
- resources:
- - triggers
- - triggers/status
- - triggers/finalizers
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sources.knative.dev
- resources:
- - sinkbindings
- - sinkbindings/status
- - sinkbindings/finalizers
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
diff --git a/packages/sonataflow-operator/config/rbac/builder_role_binding.yaml b/packages/sonataflow-operator/config/rbac/builder_role_binding.yaml
index 6896e987b15..d67f0998eb3 100644
--- a/packages/sonataflow-operator/config/rbac/builder_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/builder_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-sonataflowclusterplatform-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/packages/sonataflow-operator/config/rbac/knative_role.yaml
similarity index 58%
rename from packages/sonataflow-operator/bundle/manifests/sonataflow-operator-sonataflowclusterplatform-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
rename to packages/sonataflow-operator/config/rbac/knative_role.yaml
index 5a9fb372f69..a7c3beedea2 100644
--- a/packages/sonataflow-operator/bundle/manifests/sonataflow-operator-sonataflowclusterplatform-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
+++ b/packages/sonataflow-operator/config/rbac/knative_role.yaml
@@ -15,30 +15,55 @@
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
- creationTimestamp: null
- labels:
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: sonataflow-operator
- app.kubernetes.io/instance: sonataflowclusterplatform-viewer-role
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/part-of: sonataflow-operator
- name: sonataflow-operator-sonataflowclusterplatform-viewer-role
+ name: knative-manager-role
- apiGroups:
- - sonataflow.org
+ - eventing.knative.dev
- - sonataflowclusterplatforms
+ - triggers
+ - triggers/status
+ - triggers/finalizers
+ - create
+ - delete
+ - deletecollection
- get
- list
+ - patch
+ - update
- watch
- apiGroups:
- - sonataflow.org
+ - sources.knative.dev
- - sonataflowclusterplatforms/status
+ - sinkbindings
+ - sinkbindings/status
+ - sinkbindings/finalizers
+ - create
+ - delete
+ - deletecollection
- get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - serving.knative.dev
+ resources:
+ - service
+ - services
+ - services/status
+ - services/finalizers
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/packages/sonataflow-operator/tekton/role/cluster_role_binding.yaml b/packages/sonataflow-operator/config/rbac/knative_role_binding.yaml
similarity index 87%
rename from packages/sonataflow-operator/tekton/role/cluster_role_binding.yaml
rename to packages/sonataflow-operator/config/rbac/knative_role_binding.yaml
index 1929c626449..ba0b4e3ef67 100644
--- a/packages/sonataflow-operator/tekton/role/cluster_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/knative_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,17 +14,17 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- name: tekton-clustermanger-role-binding
+ name: knative-manager-rolebinding
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: tekton-clustermanger-role
+ name: knative-manager-role
- kind: ServiceAccount
- name: pipeline
- namespace: sonataflow-operator-system
+ name: controller-manager
+ namespace: system
diff --git a/packages/sonataflow-operator/config/rbac/kustomization.yaml b/packages/sonataflow-operator/config/rbac/kustomization.yaml
index 190d383d778..53be7b1f2c1 100644
--- a/packages/sonataflow-operator/config/rbac/kustomization.yaml
+++ b/packages/sonataflow-operator/config/rbac/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# All RBAC will be applied under this service account in
@@ -36,6 +34,8 @@ resources:
- operator_role_binding_leases.yaml
- service_discovery_role.yaml
- service_discovery_role_binding.yaml
+ - knative_role.yaml
+ - knative_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
diff --git a/packages/sonataflow-operator/config/rbac/leader_election_role.yaml b/packages/sonataflow-operator/config/rbac/leader_election_role.yaml
index 6658bb43a49..8b0d6799900 100644
--- a/packages/sonataflow-operator/config/rbac/leader_election_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/leader_election_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/leader_election_role_binding.yaml b/packages/sonataflow-operator/config/rbac/leader_election_role_binding.yaml
index 103212b4946..9131cd73d37 100644
--- a/packages/sonataflow-operator/config/rbac/leader_election_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/leader_election_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
diff --git a/packages/sonataflow-operator/config/rbac/openshift_role.yaml b/packages/sonataflow-operator/config/rbac/openshift_role.yaml
index e10968814a7..a436fcd3417 100644
--- a/packages/sonataflow-operator/config/rbac/openshift_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/openshift_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/openshift_role_binding.yaml b/packages/sonataflow-operator/config/rbac/openshift_role_binding.yaml
index 111c70ae495..628b9673145 100644
--- a/packages/sonataflow-operator/config/rbac/openshift_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/openshift_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/packages/sonataflow-operator/config/rbac/operator_role_binding_leases.yaml b/packages/sonataflow-operator/config/rbac/operator_role_binding_leases.yaml
index e574a272a05..f258ef7d1a4 100644
--- a/packages/sonataflow-operator/config/rbac/operator_role_binding_leases.yaml
+++ b/packages/sonataflow-operator/config/rbac/operator_role_binding_leases.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/operator_role_leases.yaml b/packages/sonataflow-operator/config/rbac/operator_role_leases.yaml
index c7816443f12..23d4f6a69d0 100644
--- a/packages/sonataflow-operator/config/rbac/operator_role_leases.yaml
+++ b/packages/sonataflow-operator/config/rbac/operator_role_leases.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/role.yaml b/packages/sonataflow-operator/config/rbac/role.yaml
index 0cc9ef3d4ca..13184ed8ca5 100644
--- a/packages/sonataflow-operator/config/rbac/role.yaml
+++ b/packages/sonataflow-operator/config/rbac/role.yaml
@@ -19,90 +19,33 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
- creationTimestamp: null
name: manager-role
- apiGroups:
- - sonataflow.org
+ - monitoring.coreos.com
- - sonataflowbuilds
+ - servicemonitors
- create
- delete
- get
- list
- - patch
- update
- watch
- apiGroups:
- - sonataflow.org
- resources:
- - sonataflowbuilds/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
+ - serving.knative.dev
- - sonataflowbuilds/status
+ - revisions
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowclusterplatforms
- verbs:
- - create
- delete
- - get
- list
- - patch
- - update
- watch
- apiGroups:
- sonataflow.org
- - sonataflowclusterplatforms/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowclusterplatforms/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
+ - sonataflowbuilds
+ - sonataflowclusterplatforms
- sonataflowplatforms
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowplatforms/finalizers
- verbs:
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- - sonataflowplatforms/status
- verbs:
- - get
- - patch
- - update
- - apiGroups:
- - sonataflow.org
- resources:
- sonataflows
- create
@@ -115,12 +58,18 @@ rules:
- apiGroups:
- sonataflow.org
+ - sonataflowbuilds/finalizers
+ - sonataflowclusterplatforms/finalizers
+ - sonataflowplatforms/finalizers
- sonataflows/finalizers
- update
- apiGroups:
- sonataflow.org
+ - sonataflowbuilds/status
+ - sonataflowclusterplatforms/status
+ - sonataflowplatforms/status
- sonataflows/status
- get
diff --git a/packages/sonataflow-operator/config/rbac/role_binding.yaml b/packages/sonataflow-operator/config/rbac/role_binding.yaml
index ed947db9c30..b44e4697752 100644
--- a/packages/sonataflow-operator/config/rbac/role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/packages/sonataflow-operator/config/rbac/service_account.yaml b/packages/sonataflow-operator/config/rbac/service_account.yaml
index 126d4c8b9c4..10e2052dc67 100644
--- a/packages/sonataflow-operator/config/rbac/service_account.yaml
+++ b/packages/sonataflow-operator/config/rbac/service_account.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: v1
kind: ServiceAccount
diff --git a/packages/sonataflow-operator/config/rbac/service_discovery_role.yaml b/packages/sonataflow-operator/config/rbac/service_discovery_role.yaml
index b2fb5c2a9c8..29907c2a3c1 100644
--- a/packages/sonataflow-operator/config/rbac/service_discovery_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/service_discovery_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/service_discovery_role_binding.yaml b/packages/sonataflow-operator/config/rbac/service_discovery_role_binding.yaml
index 9e90b45fca3..d14cf2e2aee 100644
--- a/packages/sonataflow-operator/config/rbac/service_discovery_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/service_discovery_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflow_editor_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflow_editor_role.yaml
index 7193c9c6d5d..042fb35886d 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflow_editor_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflow_editor_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to edit sonataflowworkflows.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflow_viewer_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflow_viewer_role.yaml
index 0faa1594df3..e6a12c02fe1 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflow_viewer_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflow_viewer_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to view sonataflowworkflows.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowbuild_editor_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowbuild_editor_role.yaml
index a964f4a3488..09062563722 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowbuild_editor_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowbuild_editor_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to edit sonataflowworkflowbuilds.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowbuild_viewer_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowbuild_viewer_role.yaml
index 1b9c6488bc6..3a20a838ac1 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowbuild_viewer_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowbuild_viewer_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to view sonataflowworkflowbuilds.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_editor_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_editor_role.yaml
index 9a074a56794..910b0b7d261 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_editor_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_editor_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to edit sonataflowclusterplatforms.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_cluster_role_binding.yaml b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_cluster_role_binding.yaml
index 58c2e4e7de5..a1be0afaa55 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_cluster_role_binding.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_cluster_role_binding.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# allow users to view SonataFlowClusterPlatforms cluster-wide
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_role.yaml
index c060d016550..0a22c0a02c1 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowclusterplatform_viewer_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to view sonataflowclusterplatforms.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowplatform_editor_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowplatform_editor_role.yaml
index 10f1599d15a..8cb8391781a 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowplatform_editor_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowplatform_editor_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to edit sonataflowplatforms.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/rbac/sonataflowplatform_viewer_role.yaml b/packages/sonataflow-operator/config/rbac/sonataflowplatform_viewer_role.yaml
index f18619359a0..0abfb64dca0 100644
--- a/packages/sonataflow-operator/config/rbac/sonataflowplatform_viewer_role.yaml
+++ b/packages/sonataflow-operator/config/rbac/sonataflowplatform_viewer_role.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# permissions for end users to view sonataflowplatforms.
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/packages/sonataflow-operator/config/samples/kustomization.yaml b/packages/sonataflow-operator/config/samples/kustomization.yaml
index 87b26709cb5..6d4a18972b3 100644
--- a/packages/sonataflow-operator/config/samples/kustomization.yaml
+++ b/packages/sonataflow-operator/config/samples/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
## Append samples you want in your CSV to this file as resources ##
diff --git a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow.yaml b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow.yaml
index 0652b2ead1b..9df80e9a403 100644
--- a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow.yaml
+++ b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: sonataflow.org/v1alpha08
kind: SonataFlow
diff --git a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow_devmodeWithConfigMapAndExternalResource.yaml b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow_devmodeWithConfigMapAndExternalResource.yaml
index cbf3ef0ded7..9a62b9a02c9 100644
--- a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow_devmodeWithConfigMapAndExternalResource.yaml
+++ b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflow_devmodeWithConfigMapAndExternalResource.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: v1
diff --git a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowclusterplatform.yaml b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowclusterplatform.yaml
index 446cb323c34..623a86703db 100644
--- a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowclusterplatform.yaml
+++ b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowclusterplatform.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: sonataflow.org/v1alpha08
kind: SonataFlowClusterPlatform
diff --git a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml
index 7bc772d4603..cc73c324fc9 100644
--- a/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml
+++ b/packages/sonataflow-operator/config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: sonataflow.org/v1alpha08
kind: SonataFlowPlatform
diff --git a/packages/sonataflow-operator/config/scorecard/bases/config.yaml b/packages/sonataflow-operator/config/scorecard/bases/config.yaml
index 68c14df8e2a..186d88be32a 100644
--- a/packages/sonataflow-operator/config/scorecard/bases/config.yaml
+++ b/packages/sonataflow-operator/config/scorecard/bases/config.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
apiVersion: scorecard.operatorframework.io/v1alpha3
kind: Configuration
diff --git a/packages/sonataflow-operator/config/scorecard/kustomization.yaml b/packages/sonataflow-operator/config/scorecard/kustomization.yaml
index 0fed554ef94..f614fa41488 100644
--- a/packages/sonataflow-operator/config/scorecard/kustomization.yaml
+++ b/packages/sonataflow-operator/config/scorecard/kustomization.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,11 +14,10 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- bases/config.yaml
- path: patches/basic.config.yaml
group: scorecard.operatorframework.io
@@ -32,4 +30,4 @@ patchesJson6902:
version: v1alpha3
kind: Configuration
name: config
diff --git a/packages/sonataflow-operator/config/scorecard/patches/basic.config.yaml b/packages/sonataflow-operator/config/scorecard/patches/basic.config.yaml
index 7ef4444657c..c25b04a5708 100644
--- a/packages/sonataflow-operator/config/scorecard/patches/basic.config.yaml
+++ b/packages/sonataflow-operator/config/scorecard/patches/basic.config.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- op: add
path: /stages/0/tests/-
@@ -23,7 +21,7 @@
- scorecard-test
- basic-check-spec
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: basic
test: basic-check-spec-test
diff --git a/packages/sonataflow-operator/config/scorecard/patches/olm.config.yaml b/packages/sonataflow-operator/config/scorecard/patches/olm.config.yaml
index ca9d10b3301..be236db2f68 100644
--- a/packages/sonataflow-operator/config/scorecard/patches/olm.config.yaml
+++ b/packages/sonataflow-operator/config/scorecard/patches/olm.config.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- op: add
path: /stages/0/tests/-
@@ -23,7 +21,7 @@
- scorecard-test
- olm-bundle-validation
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-bundle-validation-test
@@ -33,7 +31,7 @@
- scorecard-test
- olm-crds-have-validation
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-crds-have-validation-test
@@ -53,7 +51,7 @@
- scorecard-test
- olm-spec-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-spec-descriptors-test
@@ -63,7 +61,7 @@
- scorecard-test
- olm-status-descriptors
- image: quay.io/operator-framework/scorecard-test:v1.25.0
+ image: quay.io/operator-framework/scorecard-test:v1.35.0
suite: olm
test: olm-status-descriptors-test
diff --git a/packages/sonataflow-operator/container-builder/Makefile b/packages/sonataflow-operator/container-builder/Makefile
index 96dff21ad3c..14c16b2c04a 100644
--- a/packages/sonataflow-operator/container-builder/Makefile
+++ b/packages/sonataflow-operator/container-builder/Makefile
@@ -1,20 +1,3 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
.PHONY: all
all: build
@@ -49,7 +32,7 @@ clean:
.PHONY: docker-integration-test
docker-integration-test: ## Test docker integration tests
- go test ./... -tags integration_docker -v
+ go test ./... -tags integration_docker
.PHONY: kaniko-docker-integration-test
kaniko-docker-integration-test: ## Test kaniko integration docker tests
diff --git a/packages/sonataflow-operator/container-builder/README.md b/packages/sonataflow-operator/container-builder/README.md
index 70b0efccabd..bd81dd1a733 100644
--- a/packages/sonataflow-operator/container-builder/README.md
+++ b/packages/sonataflow-operator/container-builder/README.md
@@ -1,20 +1,3 @@
# Container Builder
This is an internal build system implementation inspired by [Camel-K Builder package](https://github.com/apache/camel-k/tree/main/pkg/builder) to build Kogito services in a Kubernetes clusters.
diff --git a/packages/sonataflow-operator/container-builder/api/zz_generated.deepcopy.go b/packages/sonataflow-operator/container-builder/api/zz_generated.deepcopy.go
index 46f2ddaea84..8bb6d5d01a7 100644
--- a/packages/sonataflow-operator/container-builder/api/zz_generated.deepcopy.go
+++ b/packages/sonataflow-operator/container-builder/api/zz_generated.deepcopy.go
@@ -1,27 +1,30 @@
//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
// Code generated by controller-gen. DO NOT EDIT.
package api
import (
- "k8s.io/api/core/v1"
+ v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/packages/sonataflow-operator/container-builder/builder/kaniko_docker_integration_test.go b/packages/sonataflow-operator/container-builder/builder/kaniko_docker_integration_test.go
index a6db792a81a..9bfc8835297 100644
--- a/packages/sonataflow-operator/container-builder/builder/kaniko_docker_integration_test.go
+++ b/packages/sonataflow-operator/container-builder/builder/kaniko_docker_integration_test.go
@@ -30,7 +30,6 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/common"
@@ -67,22 +66,3 @@ func (suite *KanikoDockerTestSuite) TestKanikoBuild() {
//@TODO investigate when the code will be in the mono repo
//checkImageOnDockerRegistry(suite, imageName, repos, registry)
-func checkImageOnDockerRegistry(suite *KanikoDockerTestSuite, imageName string, repos []string, registry common.RegistryContainer) {
- pushErr := suite.Docker.PushImage(imageName, imageName, "", "")
- assert.Nil(suite.T(), pushErr)
- repos, _ = registry.GetRepositories()
- assert.True(suite.T(), len(repos) == 1)
-func checkEmptyDockerRegistry(suite *KanikoDockerTestSuite) (common.RegistryContainer, error, []string) {
- assert.Truef(suite.T(), suite.RegistryID != "", "Registry not started")
- registry, err := common.GetRegistryContainer()
- if err != nil {
- klog.V(log.E).ErrorS(err, "registry not found")
- }
- repos, _ := registry.GetRepositories()
- assert.True(suite.T(), len(repos) == 0)
- assert.Nil(suite.T(), err)
- return registry, err, repos
diff --git a/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_kaniko_test.go b/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_kaniko_test.go
index b506b6c8045..e2dfdc740e2 100644
--- a/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_kaniko_test.go
+++ b/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_kaniko_test.go
@@ -68,7 +68,7 @@ func TestNewBuildWithKanikoCustomizations(t *testing.T) {
addFlags[0] = "--use-new-run=true"
// create the new build, schedule with cache enabled, a specific set of resources and additional flags
- build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "docker.io/apache/incubator-kie-buildexample:latest", BuildUniqueName: "build1", Platform: platform}).
+ build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "host/namespace/myservice:latest", BuildUniqueName: "build1", Platform: platform}).
AddResource("Dockerfile", dockerFile).
AddResource("greetings.sw.json", workflowDefinition).
@@ -134,7 +134,7 @@ func TestNewBuildWithKanikoWithBuildArgsAndEnv(t *testing.T) {
- build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "docker.io/apache/incubator-kie-buildexample:latest", BuildUniqueName: "build1", Platform: platform}).
+ build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "host/namespace/service:latest", BuildUniqueName: "build1", Platform: platform}).
AddResource("Dockerfile", dockerFile).
AddResource("greetings.sw.json", workflowDefinition).
@@ -151,6 +151,7 @@ func TestNewBuildWithKanikoWithBuildArgsAndEnv(t *testing.T) {
Value: "value",
+ assert.NoError(t, err)
// reconcile twice to push forward to the pod creation
build, err = FromBuild(build).WithClient(c).Reconcile()
diff --git a/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_test.go b/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_test.go
index fbdda7e4251..0d8ef87aae2 100644
--- a/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_test.go
+++ b/packages/sonataflow-operator/container-builder/builder/kubernetes/builder_test.go
@@ -57,7 +57,7 @@ func TestNewBuild(t *testing.T) {
// create the new build, schedule
- build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "docker.io/apache/incubator-kie-buildexample:latest", BuildUniqueName: "build1", Platform: platform}).
+ build, err := NewBuild(ContainerBuilderInfo{FinalImageName: "host/namespace/myservice:latest", BuildUniqueName: "build1", Platform: platform}).
AddResource("Dockerfile", dockerFile).
AddResource("greetings.sw.json", workflowDefinition).
diff --git a/packages/sonataflow-operator/container-builder/builder/kubernetes/testdata/Dockerfile b/packages/sonataflow-operator/container-builder/builder/kubernetes/testdata/Dockerfile
deleted file mode 100644
index 20d7ba83628..00000000000
--- a/packages/sonataflow-operator/container-builder/builder/kubernetes/testdata/Dockerfile
+++ /dev/null
@@ -1,50 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder
-# This image name and tag is auto-replaced using environment variables during install, don't touch.
-# Kogito User
-USER 1001
-# User home from base image
-WORKDIR /home/kogito/kogito-sw-base
-# Copy from build context to skeleton project
-COPY * ./src/main/resources
-# Maven vars enhirited from the base image
-RUN ${MAVEN_HOME}/bin/mvn -U -B ${MAVEN_ARGS_APPEND} -s ${MAVEN_SETTINGS_PATH} clean install -DskipTests
-# Runtime Run
-FROM registry.access.redhat.com/ubi9/openjdk-17:latest
-# We make four distinct layers so if there are application changes the library layers can be re-used
-COPY --from=builder --chown=185 /home/kogito/kogito-sw-base/target/quarkus-app/lib/ /deployments/lib/
-COPY --from=builder --chown=185 /home/kogito/kogito-sw-base/target/quarkus-app/*.jar /deployments/
-COPY --from=builder --chown=185 /home/kogito/kogito-sw-base/target/quarkus-app/app/ /deployments/app/
-COPY --from=builder --chown=185 /home/kogito/kogito-sw-base/target/quarkus-app/quarkus/ /deployments/quarkus/
-EXPOSE 8080
-USER 185
-ENV JAVA_OPTS="-Dquarkus.http.host= -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
-ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
\ No newline at end of file
diff --git a/packages/sonataflow-operator/container-builder/cleaner/docker_integration_test.go b/packages/sonataflow-operator/container-builder/cleaner/docker_integration_test.go
index 5847d2dabd0..75657d5fa47 100644
--- a/packages/sonataflow-operator/container-builder/cleaner/docker_integration_test.go
+++ b/packages/sonataflow-operator/container-builder/cleaner/docker_integration_test.go
@@ -44,12 +44,6 @@ func TestDockerIntegrationTestSuite(t *testing.T) {
func (suite *DockerTestSuite) TestImagesOperationsOnDockerRegistryForTest() {
- registryContainer, err := common.GetRegistryContainer()
- assert.NotNil(suite.T(), registryContainer)
- assert.Nil(suite.T(), err)
- repos, err := registryContainer.GetRepositories()
- initialSize := len(repos)
- assert.Nil(suite.T(), err)
pullErr := suite.Docker.PullImage(testImg + ":" + latestTag)
if pullErr != nil {
klog.V(log.E).ErrorS(pullErr, "Pull Error")
@@ -70,15 +64,4 @@ func (suite *DockerTestSuite) TestImagesOperationsOnDockerRegistryForTest() {
assert.Nil(suite.T(), pushErr, "Push image in the Docker container failed")
- //give the time to update the registry status
- time.Sleep(2 * time.Second)
- repos, err = registryContainer.GetRepositories()
- assert.Nil(suite.T(), err)
- assert.NotNil(suite.T(), repos)
- assert.True(suite.T(), len(repos) == initialSize+1)
- digest, erroDIgest := registryContainer.Connection.ManifestDigest(testImg, latestTag)
- assert.Nil(suite.T(), erroDIgest)
- assert.NotNil(suite.T(), digest)
- assert.NotNil(suite.T(), registryContainer.DeleteImage(testImg, latestTag), "Delete Image not allowed")
diff --git a/packages/sonataflow-operator/container-builder/cleaner/registry_docker_integration_test.go b/packages/sonataflow-operator/container-builder/cleaner/registry_docker_integration_test.go
index 518d384fbbd..8f45772f8aa 100644
--- a/packages/sonataflow-operator/container-builder/cleaner/registry_docker_integration_test.go
+++ b/packages/sonataflow-operator/container-builder/cleaner/registry_docker_integration_test.go
@@ -23,22 +23,14 @@ package cleaner
import (
- "time"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/common"
-const (
- testImgSecond = "alpine"
- testImgSecondTag = "alpine:latest"
- testImgSecondLocalTag = "localhost:5000/alpine:latest"
func TestRegistryDockerIntegrationTestSuite(t *testing.T) {
suite.Run(t, new(DockerTestSuite))
@@ -50,44 +42,3 @@ func (suite *DockerTestSuite) TestDockerRegistry() {
assert.Truef(suite.T(), suite.LocalRegistry.GetRegistryRunningID() == suite.RegistryID, "Registry container not running")
assert.True(suite.T(), suite.LocalRegistry.Connection.DaemonHost() == "unix:///var/run/docker.sock")
-func (suite *DockerTestSuite) TestPullTagPush() {
- assert.Truef(suite.T(), suite.RegistryID != "", "Registry not started")
- registryContainer, err := common.GetRegistryContainer()
- assert.Nil(suite.T(), err)
- reposInitial, _ := registryContainer.GetRepositories()
- initialRepoSize := len(reposInitial)
- repos := CheckRepositoriesSize(suite.T(), initialRepoSize, registryContainer)
- result := dockerPullTagPushOnRegistryContainer(suite)
- assert.True(suite.T(), result)
- time.Sleep(2 * time.Second) // Needed on CI
- repos = CheckRepositoriesSize(suite.T(), initialRepoSize+1, registryContainer)
- klog.V(log.I).InfoS("Repo Size after pull image", "size", len(repos))
-func dockerPullTagPushOnRegistryContainer(suite *DockerTestSuite) bool {
- dockerSocketConn := suite.Docker.Connection
- d := common.Docker{Connection: dockerSocketConn}
- err := d.PullImage(testImgSecond)
- time.Sleep(2 * time.Second) // needed on CI
- if err != nil {
- assert.Fail(suite.T(), "Pull Image Failed", err)
- return false
- }
- err = d.TagImage(testImgSecondTag, testImgSecondLocalTag)
- if err != nil {
- assert.Fail(suite.T(), "Tag Image Failed", err)
- return false
- }
- err = d.PushImage(testImgSecondLocalTag, common.RegistryContainerUrlFromDockerSocket, "", "")
- if err != nil {
- assert.Fail(suite.T(), "Push Image Failed", err)
- return false
- }
- return true
diff --git a/packages/sonataflow-operator/container-builder/common/docker.go b/packages/sonataflow-operator/container-builder/common/docker.go
index d90a4a5ffe0..4396a37fae8 100644
--- a/packages/sonataflow-operator/container-builder/common/docker.go
+++ b/packages/sonataflow-operator/container-builder/common/docker.go
@@ -25,6 +25,8 @@ import (
+ "github.com/docker/docker/api/types/registry"
@@ -165,7 +167,7 @@ func (d Docker) TagImage(imageSource string, imageTag string) error {
func (d Docker) PushImage(image string, url string, username string, password string) error {
- var authConfig = types.AuthConfig{
+ var authConfig = registry.AuthConfig{
Username: username,
Password: password,
ServerAddress: url,
diff --git a/packages/sonataflow-operator/container-builder/common/registry.go b/packages/sonataflow-operator/container-builder/common/registry.go
index 1d7a6ad6546..e89383808f7 100644
--- a/packages/sonataflow-operator/container-builder/common/registry.go
+++ b/packages/sonataflow-operator/container-builder/common/registry.go
@@ -22,135 +22,27 @@ package common
import (
- "net/http"
- "time"
- "k8s.io/klog/v2"
- registryContainer "github.com/heroku/docker-registry-client/registry"
- "github.com/opencontainers/go-digest"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/util/log"
const (
RegistryContainerUrlFromDockerSocket = "tcp://localhost:5000"
RegistryImg = "registry"
registryImgFullTag = "docker.io/library/registry:latest"
- registryContainerUrl = "http://localhost:5000"
-type Registry interface {
- StartRegistry()
- StopRegistry()
type DockerLocalRegistry struct {
Connection *client.Client
-type RegistryContainer struct {
- Connection registryContainer.Registry
- URL string
- Client *http.Client
-func (r RegistryContainer) GetRepositories() ([]string, error) {
- return r.Connection.Repositories()
-func (r RegistryContainer) GetRepositoriesTags(repo string) ([]string, error) {
- return r.Connection.Tags(repo)
-func (r RegistryContainer) DeleteManifest(repo string, tag string) error {
- digest, error := r.Connection.ManifestDigest(repo, tag)
- if error != nil {
- return error
- }
- return r.Connection.DeleteManifest(repo, digest)
-func (r RegistryContainer) DeleteImageByDigest(repository string, digest digest.Digest) error {
- url := r.url("/v2/%s/manifests/%s", repository, digest)
- req, err := http.NewRequest("DELETE", url, nil)
- if err != nil {
- return err
- }
- resp, err := r.Connection.Client.Do(req)
- if resp != nil {
- defer resp.Body.Close()
- }
- if err != nil {
- return err
- }
- return nil
-func (r RegistryContainer) DeleteImage(repository string, tag string) error {
- url := r.url("/v2/%s/manifests/%s", repository, tag)
- req, err := http.NewRequest("DELETE", url, nil)
- if err != nil {
- return err
- }
- resp, err := r.Connection.Client.Do(req)
- if resp != nil {
- defer resp.Body.Close()
- }
- if err != nil {
- klog.V(log.E).ErrorS(err, "error during DeleteImage")
- return err
- }
- return nil
-func (r *RegistryContainer) url(pathTemplate string, args ...interface{}) string {
- pathSuffix := fmt.Sprintf(pathTemplate, args...)
- url := fmt.Sprintf("%s%s", r.Connection.URL, pathSuffix)
- return url
-func GetRegistryContainer() (RegistryContainer, error) {
- registryContainerConnection, err := GetRegistryConnection(registryContainerUrl, "", "")
- if err != nil {
- klog.V(log.E).ErrorS(err, "Can't connect to the RegistryContainer")
- return RegistryContainer{}, err
- }
- return RegistryContainer{Connection: *registryContainerConnection}, nil
func IsPortAvailable(port string) bool {
ln, err := net.Listen("tcp", ":"+port)
+ defer ln.Close()
if err != nil {
- fmt.Fprintf(os.Stderr, "Can't listen on port %q: %s", port, err)
+ _, _ = fmt.Fprintf(os.Stderr, "Can't listen on port %q: %s", port, err)
return false
- ln.Close()
return true
-func GetRegistryConnection(url string, username string, password string) (*registryContainer.Registry, error) {
- registryConn, err := registryContainer.New(url, username, password)
- if err != nil {
- klog.V(log.E).ErrorS(err, "First Attempt to connect with RegistryContainer")
- }
- // we try ten times if the machine is slow and the registry needs time to start
- if err != nil {
- klog.V(log.I).InfoS("Waiting for a correct ping with RegistryContainer")
- for i := 0; i < 10; i++ {
- time.Sleep(1 * time.Second)
- if registryConn == nil {
- registryConn, _ = registryContainer.New(url, username, password)
- }
- if registryConn != nil {
- if err := registryConn.Ping(); err != nil {
- continue
- }
- }
- }
- }
- return registryConn, err
diff --git a/packages/sonataflow-operator/container-builder/examples/api/Build_usingKanikowithCacheAndCustomizations.yaml b/packages/sonataflow-operator/container-builder/examples/api/Build_usingKanikowithCacheAndCustomizations.yaml
index c09ecf8442f..4e4bc69826e 100644
--- a/packages/sonataflow-operator/container-builder/examples/api/Build_usingKanikowithCacheAndCustomizations.yaml
+++ b/packages/sonataflow-operator/container-builder/examples/api/Build_usingKanikowithCacheAndCustomizations.yaml
@@ -1,22 +1,3 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
name: build-kaniko-using-cache-and-customizations
diff --git a/packages/sonataflow-operator/container-builder/examples/api/PlatformBuild_usingKanikowithCache.yaml b/packages/sonataflow-operator/container-builder/examples/api/PlatformBuild_usingKanikowithCache.yaml
index 5a0faec54ac..0de7fab5dcd 100644
--- a/packages/sonataflow-operator/container-builder/examples/api/PlatformBuild_usingKanikowithCache.yaml
+++ b/packages/sonataflow-operator/container-builder/examples/api/PlatformBuild_usingKanikowithCache.yaml
@@ -1,26 +1,7 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
name: platform-kaniko-using-cache
publishStrategy: "Kaniko"
- baseImage: docker.io/apache/incubator-kie-sonataflow-builder:main # This image name and tag is auto-replaced using environment variables during install, don't touch.
+ baseImage: docker.io/apache/incubator-kie-sonataflow-builder:main
address: docker.io/apache
secret: regcred
diff --git a/packages/sonataflow-operator/container-builder/examples/app.yaml b/packages/sonataflow-operator/container-builder/examples/app.yaml
index 480c3a5216b..5e93dd8f9ab 100644
--- a/packages/sonataflow-operator/container-builder/examples/app.yaml
+++ b/packages/sonataflow-operator/container-builder/examples/app.yaml
@@ -1,22 +1,3 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
# example deployment that can be used to run the built image
apiVersion: apps/v1
kind: Deployment
diff --git a/packages/sonataflow-operator/container-builder/examples/dockerfiles/SonataFlow.dockerfile b/packages/sonataflow-operator/container-builder/examples/dockerfiles/SonataFlow.dockerfile
index 9316b6e3581..82d94abee46 100644
--- a/packages/sonataflow-operator/container-builder/examples/dockerfiles/SonataFlow.dockerfile
+++ b/packages/sonataflow-operator/container-builder/examples/dockerfiles/SonataFlow.dockerfile
@@ -16,7 +16,6 @@
# under the License.
FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder
-# This image name and tag is auto-replaced using environment variables during install, don't touch.
# Kogito User
USER 1001
diff --git a/packages/sonataflow-operator/container-builder/go.mod b/packages/sonataflow-operator/container-builder/go.mod
index d26060a02b2..e9eea18b2d4 100644
--- a/packages/sonataflow-operator/container-builder/go.mod
+++ b/packages/sonataflow-operator/container-builder/go.mod
@@ -1,90 +1,95 @@
module github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder
-go 1.21
+go 1.22.0
+toolchain go1.22.4
require (
- github.com/docker/docker v24.0.9+incompatible
- github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11
- github.com/google/uuid v1.3.1
- github.com/heroku/docker-registry-client v0.0.0-20211012143308-9463674c8930
+ github.com/docker/docker v25.0.6+incompatible
+ github.com/docker/go-connections v0.5.0
+ github.com/google/uuid v1.6.0
github.com/jpillora/backoff v1.0.0
github.com/mitchellh/go-homedir v1.1.0
- github.com/opencontainers/go-digest v1.0.0
github.com/pkg/errors v0.9.1
- github.com/stretchr/testify v1.8.4
- golang.org/x/net v0.23.0
- k8s.io/api v0.27.6
- k8s.io/apimachinery v0.27.6
- k8s.io/client-go v0.27.6
- k8s.io/klog/v2 v2.100.1
- sigs.k8s.io/controller-runtime v0.15.0
+ github.com/stretchr/testify v1.9.0
+ golang.org/x/net v0.28.0
+ k8s.io/api v0.31.1
+ k8s.io/apimachinery v0.31.1
+ k8s.io/client-go v0.31.1
+ k8s.io/klog/v2 v2.130.1
+ sigs.k8s.io/controller-runtime v0.19.0
require (
- github.com/Microsoft/go-winio v0.6.1 // indirect
+ github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
+ github.com/containerd/log v0.1.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/docker/distribution v2.8.2+incompatible // indirect
+ github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
- github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
- github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+ github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
- github.com/evanphx/json-patch/v5 v5.7.0 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
+ github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
+ github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/gnostic v0.6.9 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect
- github.com/gorilla/mux v1.8.0 // indirect
+ github.com/gorilla/websocket v1.5.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
- github.com/moby/spdystream v0.2.0 // indirect
+ github.com/moby/spdystream v0.4.0 // indirect
+ github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/onsi/ginkgo/v2 v2.13.0 // indirect
- github.com/onsi/gomega v1.30.0 // indirect
- github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+ github.com/opencontainers/go-digest v1.0.0 // indirect
+ github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.17.0 // indirect
- github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.11.1 // indirect
- github.com/sirupsen/logrus v1.9.0 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- go.uber.org/multierr v1.11.0 // indirect
- go.uber.org/zap v1.26.0 // indirect
- golang.org/x/mod v0.13.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sys v0.18.0 // indirect
- golang.org/x/term v0.18.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.14.0 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+ go.opentelemetry.io/otel v1.28.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 // indirect
+ go.opentelemetry.io/otel/metric v1.28.0 // indirect
+ go.opentelemetry.io/otel/trace v1.28.0 // indirect
+ golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 // indirect
+ golang.org/x/mod v0.17.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- gotest.tools/v3 v3.0.3 // indirect
- k8s.io/apiextensions-apiserver v0.27.6 // indirect
- k8s.io/component-base v0.27.6 // indirect
- k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 // indirect
- k8s.io/utils v0.0.0-20230711102312-30195339c3c7 // indirect
+ gotest.tools/v3 v3.5.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
- sigs.k8s.io/yaml v1.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/packages/sonataflow-operator/container-builder/go.sum b/packages/sonataflow-operator/container-builder/go.sum
index a4989def790..61428ff2a35 100644
--- a/packages/sonataflow-operator/container-builder/go.sum
+++ b/packages/sonataflow-operator/container-builder/go.sum
@@ -1,71 +1,43 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o=
-github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/distribution v0.0.0-20171011171712-7484e51bf6af/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0=
-github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 h1:IPrmumsT9t5BS7XcPhgsCTlkWbYg80SEXUzDpReaU6Y=
-github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11/go.mod h1:a6bNUGTbQBsY6VRHTr4h/rkOXjl244DyRD0tx3fgq4Q=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg=
+github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
-github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA=
-github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
-github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
-github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
@@ -74,95 +46,28 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
-github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
-github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astfmt v0.0.0-20180903215011-8f8ee99c3086/go.mod h1:mP93XdblcopXwlyN4X4uodxXQhldPGZbcEJIimQHrkg=
-github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
-github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU=
-github.com/go-toolsmith/astp v0.0.0-20180903215135-0af7e3c24f30/go.mod h1:SV2ur98SGypH1UjcPpCatrV5hPazG6+IfNHbkDXBRrk=
-github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
-github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoMrjiy4zvdS+Bg6z9jZH82QXwkcgCBX6nOfnmdaHks=
-github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc=
-github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
-github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
-github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
-github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
-github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8=
-github.com/golangci/go-tools v0.0.0-20190318055746-e32c54105b7c/go.mod h1:unzUULGw35sjyOYjUt0jMTXqHlZPpPc6e+xfO4cd6mM=
-github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o=
-github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU=
-github.com/golangci/gofmt v0.0.0-20181222123516-0b8337e80d98/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
-github.com/golangci/golangci-lint v1.17.2-0.20190909185456-6163a8a79084/go.mod h1:jXakAOSd+FMU9dP3D6IfBK7HyD1q/RLHI9NOY8veycY=
-github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547/go.mod h1:0qUabqiIQgfmlAmulqxyiGkkyF6/tOGSnY2cnPVwrzU=
-github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU=
-github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
-github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
-github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
-github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI=
-github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4=
-github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
-github.com/heroku/docker-registry-client v0.0.0-20211012143308-9463674c8930 h1:mNL9ktJqBuzPTV/QP/fKd4y1uOFvfiv6zhe0G7lg9OA=
-github.com/heroku/docker-registry-client v0.0.0-20211012143308-9463674c8930/go.mod h1:Yho0S7KhsnHQRCC5lDraYF1SsLMeWtf/tKdufKu3TJA=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
@@ -170,15 +75,7 @@ github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -186,24 +83,12 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk=
-github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
-github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -211,277 +96,134 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
-github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
-github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
-github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
-github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
-github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
-github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4=
-github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
+go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190121143147-24cd39ecf745/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.27.6 h1:PBWu/lywJe2qQcshMjubzcBg7+XDZOo7O8JJAWuYtUo=
-k8s.io/api v0.27.6/go.mod h1:AQYj0UsFCp3qJE7bOVnUuy4orCsXVkvHefnbYQiNWgk=
-k8s.io/apiextensions-apiserver v0.27.6 h1:mOwSBJtThZhpJr+8gEkc3wFDIjq87E3JspR5mtZxIg8=
-k8s.io/apiextensions-apiserver v0.27.6/go.mod h1:AVNlLYRrESG5Poo6ASRUhY2pvoKPcNt8y/IuZ4lx3o8=
-k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE=
-k8s.io/apimachinery v0.27.6/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/client-go v0.27.6 h1:vzI8804gpUtpMCNaFjIFyJrifH7u//LJCJPy8fQuYQg=
-k8s.io/client-go v0.27.6/go.mod h1:PMsXcDKiJTW7PHJ64oEsIUJF319wm+EFlCj76oE5QXM=
-k8s.io/component-base v0.27.6 h1:hF5WxX7Tpi9/dXAbLjPVkIA6CA6Pi6r9JOHyo0uCDYI=
-k8s.io/component-base v0.27.6/go.mod h1:NvjLtaneUeb0GgMPpCBF+4LNB9GuhDHi16uUTjBhQfU=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 h1:OmK1d0WrkD3IPfkskvroRykOulHVHf0s0ZIFRjyt+UI=
-k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
-k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc=
-k8s.io/utils v0.0.0-20230711102312-30195339c3c7/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
-mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
-mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY=
-sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
-sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
+gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
-sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/packages/sonataflow-operator/container-builder/hack/btrfs_installed_tag.sh b/packages/sonataflow-operator/container-builder/hack/btrfs_installed_tag.sh
index 6861bd7561e..0073717f76a 100755
--- a/packages/sonataflow-operator/container-builder/hack/btrfs_installed_tag.sh
+++ b/packages/sonataflow-operator/container-builder/hack/btrfs_installed_tag.sh
@@ -1,5 +1,4 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
${CPP:-${CC:-cc} -E} ${CPPFLAGS} - > /dev/null 2> /dev/null << EOF
diff --git a/packages/sonataflow-operator/container-builder/hack/btrfs_tag.sh b/packages/sonataflow-operator/container-builder/hack/btrfs_tag.sh
index fd392b58708..479fee3c550 100755
--- a/packages/sonataflow-operator/container-builder/hack/btrfs_tag.sh
+++ b/packages/sonataflow-operator/container-builder/hack/btrfs_tag.sh
@@ -1,5 +1,4 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
${CPP:-${CC:-cc} -E} ${CPPFLAGS} - > /dev/null 2> /dev/null << EOF
diff --git a/packages/sonataflow-operator/controllers/knative/knative.go b/packages/sonataflow-operator/controllers/knative/knative.go
deleted file mode 100644
index 929a96cc5d0..00000000000
--- a/packages/sonataflow-operator/controllers/knative/knative.go
+++ /dev/null
@@ -1,86 +0,0 @@
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package knative
-import (
- "k8s.io/client-go/discovery"
- "k8s.io/client-go/rest"
- clienteventingv1 "knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1"
- clientservingv1 "knative.dev/serving/pkg/client/clientset/versioned/typed/serving/v1"
-var servingClient clientservingv1.ServingV1Interface
-var eventingClient clienteventingv1.EventingV1Interface
-type Availability struct {
- Eventing bool
- Serving bool
-func GetKnativeServingClient(cfg *rest.Config) (clientservingv1.ServingV1Interface, error) {
- if servingClient == nil {
- if knServingClient, err := NewKnativeServingClient(cfg); err != nil {
- return nil, err
- } else {
- servingClient = knServingClient
- }
- }
- return servingClient, nil
-func GetKnativeEventingClient(cfg *rest.Config) (clienteventingv1.EventingV1Interface, error) {
- if eventingClient == nil {
- if knEventingClient, err := NewKnativeEventingClient(cfg); err != nil {
- return nil, err
- } else {
- eventingClient = knEventingClient
- }
- }
- return eventingClient, nil
-func NewKnativeServingClient(cfg *rest.Config) (*clientservingv1.ServingV1Client, error) {
- return clientservingv1.NewForConfig(cfg)
-func NewKnativeEventingClient(cfg *rest.Config) (*clienteventingv1.EventingV1Client, error) {
- return clienteventingv1.NewForConfig(cfg)
-func GetKnativeAvailability(cfg *rest.Config) (*Availability, error) {
- if cli, err := discovery.NewDiscoveryClientForConfig(cfg); err != nil {
- return nil, err
- } else {
- apiList, err := cli.ServerGroups()
- if err != nil {
- return nil, err
- }
- result := new(Availability)
- for _, group := range apiList.Groups {
- if group.Name == "serving.knative.dev" {
- result.Serving = true
- }
- if group.Name == "eventing.knative.dev" {
- result.Eventing = true
- }
- }
- return result, nil
- }
diff --git a/packages/sonataflow-operator/controllers/platform/defaults.go b/packages/sonataflow-operator/controllers/platform/defaults.go
deleted file mode 100644
index 358351701ba..00000000000
--- a/packages/sonataflow-operator/controllers/platform/defaults.go
+++ /dev/null
@@ -1,113 +0,0 @@
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package platform
-import (
- "context"
- "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/klog/v2"
- ctrl "sigs.k8s.io/controller-runtime/pkg/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
-const defaultSonataFlowPlatformName = "sonataflow-platform"
-func ConfigureDefaults(ctx context.Context, c client.Client, p *operatorapi.SonataFlowPlatform, verbose bool) error {
- // update missing fields in the resource
- if p.Status.Cluster == "" || utils.IsOpenShift() {
- p.Status.Cluster = operatorapi.PlatformClusterOpenShift
- p.Spec.Build.Config.BuildStrategy = operatorapi.PlatformBuildStrategy
- }
- if p.Status.Cluster == "" || !utils.IsOpenShift() {
- p.Status.Cluster = operatorapi.PlatformClusterKubernetes
- p.Spec.Build.Config.BuildStrategy = operatorapi.OperatorBuildStrategy
- }
- err := setPlatformDefaults(p, verbose)
- if err != nil {
- return err
- }
- err = configureRegistry(ctx, c, p, verbose)
- if err != nil {
- return err
- }
- if verbose && p.Spec.Build.Config.Timeout.Duration != 0 {
- klog.V(log.I).InfoS("Maven Timeout set", "timeout", p.Spec.Build.Config.Timeout.Duration)
- }
- return createOrUpdatePlatform(ctx, c, p)
-func createOrUpdatePlatform(ctx context.Context, c client.Client, p *operatorapi.SonataFlowPlatform) error {
- config := operatorapi.SonataFlowPlatform{}
- err := c.Get(ctx, ctrl.ObjectKey{Namespace: p.Namespace, Name: p.Name}, &config)
- if errors.IsNotFound(err) {
- klog.V(log.D).ErrorS(err, "Platform not found, creating it")
- return c.Create(ctx, p)
- } else if err != nil {
- klog.V(log.E).ErrorS(err, "Error reading the Platform")
- return err
- }
- config.Spec = p.Spec
- config.Status.Cluster = p.Status.Cluster
- err = c.Update(ctx, &config)
- if err != nil {
- klog.V(log.E).ErrorS(err, "Error updating the BuildPlatform")
- }
- return err
-func newDefaultSonataFlowPlatform(namespace string) *operatorapi.SonataFlowPlatform {
- if utils.IsOpenShift() {
- return &operatorapi.SonataFlowPlatform{
- ObjectMeta: metav1.ObjectMeta{Name: defaultSonataFlowPlatformName, Namespace: namespace},
- Spec: operatorapi.SonataFlowPlatformSpec{
- Build: operatorapi.BuildPlatformSpec{
- Config: operatorapi.BuildPlatformConfig{
- BuildStrategy: operatorapi.PlatformBuildStrategy,
- },
- },
- },
- }
- }
- return &operatorapi.SonataFlowPlatform{
- ObjectMeta: metav1.ObjectMeta{Name: defaultSonataFlowPlatformName, Namespace: namespace},
- Spec: operatorapi.SonataFlowPlatformSpec{
- Build: operatorapi.BuildPlatformSpec{
- Config: operatorapi.BuildPlatformConfig{
- BuildStrategyOptions: map[string]string{
- kanikoBuildCacheEnabled: "true",
- },
- },
- },
- },
- }
diff --git a/packages/sonataflow-operator/controllers/platform/platformutils_test.go b/packages/sonataflow-operator/controllers/platform/platformutils_test.go
deleted file mode 100644
index feee522a703..00000000000
--- a/packages/sonataflow-operator/controllers/platform/platformutils_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package platform
-import (
- "os"
- "regexp"
- "testing"
- "github.com/stretchr/testify/assert"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
-func TestSonataFlowBuildController(t *testing.T) {
- platform := test.GetBasePlatform()
- dockerfileBytes, err := os.ReadFile("../../test/builder/Dockerfile")
- if err != nil {
- assert.Fail(t, "Unable to read base Dockerfile")
- }
- dockerfile := string(dockerfileBytes)
- // 1 - Let's verify that the default image is used (for this unit test is docker.io/apache/incubator-kie-sonataflow-builder:main)
- resDefault := GetCustomizedBuilderDockerfile(dockerfile, *platform)
- foundDefault, err := regexp.MatchString("FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder", resDefault)
- assert.NoError(t, err)
- assert.True(t, foundDefault)
- // 2 - Let's try to override using the productized image
- platform.Spec.Build.Config.BaseImage = "registry.access.redhat.com/openshift-serverless-1-tech-preview/logic-swf-builder-rhel8"
- resProductized := GetCustomizedBuilderDockerfile(dockerfile, *platform)
- foundProductized, err := regexp.MatchString("FROM registry.access.redhat.com/openshift-serverless-1-tech-preview/logic-swf-builder-rhel8 AS builder", resProductized)
- assert.NoError(t, err)
- assert.True(t, foundProductized)
diff --git a/packages/sonataflow-operator/controllers/platform/services/services.go b/packages/sonataflow-operator/controllers/platform/services/services.go
deleted file mode 100644
index 4170ab723f7..00000000000
--- a/packages/sonataflow-operator/controllers/platform/services/services.go
+++ /dev/null
@@ -1,470 +0,0 @@
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package services
-import (
- "fmt"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/persistence"
- "github.com/magiconair/properties"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/version"
- "github.com/imdario/mergo"
-const (
- quarkusHibernateORMDatabaseGeneration string = "QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION"
- quarkusFlywayMigrateAtStart string = "QUARKUS_FLYWAY_MIGRATE_AT_START"
-type PlatformServiceHandler interface {
- // GetContainerName returns the name of the service's container in the deployment.
- GetContainerName() string
- // GetServiceImageName returns the image name of the service's container. It takes in the service and persistence types and returns a string
- // that contains the FQDN of the image, including the tag.
- GetServiceImageName(persistenceName constants.PersistenceType) string
- // GetServiceName returns the name of the kubernetes service prefixed with the platform name
- GetServiceName() string
- // GetServiceCmName returns the name of the configmap associated to the service
- GetServiceCmName() string
- // GetEnvironmentVariables returns the env variables to be injected to the service container
- GetEnvironmentVariables() []corev1.EnvVar
- // GetPodResourceRequirements returns the pod's memory and CPU resource requirements
- // Values for job service taken from
- // https://github.com/parodos-dev/orchestrator-helm-chart/blob/52d09eda56fdbed3060782df29847c97f172600f/charts/orchestrator/values.yaml#L68-L72
- GetPodResourceRequirements() corev1.ResourceRequirements
- // GetReplicaCount Returns the default pod replica count for the given service
- GetReplicaCount() int32
- // MergeContainerSpec performs a merge with override using the containerSpec argument and the expected values based on the service's pod template specifications. The returning
- // object is the merged result
- MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error)
- // ConfigurePersistence sets the persistence's image and environment values when it is defined in the Persistence field of the service, overriding any existing value.
- ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container
- // MergePodSpec performs a merge with override between the podSpec argument and the expected values based on the service's pod template specification. The returning
- // object is the result of the merge
- MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error)
- // GenerateServiceProperties returns a property object that contains the application properties required by the service deployment
- GenerateServiceProperties() (*properties.Properties, error)
- // IsServiceSetInSpec returns true if the service is set in the spec.
- IsServiceSetInSpec() bool
- // IsServiceEnabledInSpec returns true if the service is enabled in the spec.
- IsServiceEnabledInSpec() bool
- // GetLocalServiceBaseUrl returns the base url of the local service
- GetLocalServiceBaseUrl() string
- // GetServiceBaseUrl returns the base url of the service, based on whether using local or cluster-scoped service.
- GetServiceBaseUrl() string
- // IsServiceEnabled returns true if the service is enabled in either the spec or the status.clusterPlatformRef.
- IsServiceEnabled() bool
- // SetServiceUrlInPlatformStatus sets the service url in the platform's status. if reconciled instance does not have service set in spec AND
- // if cluster referenced platform has said service enabled, use the cluster platform's service
- SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform)
- // SetServiceUrlInWorkflowStatus sets the service url in a workflow's status.
- SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow)
-type DataIndexHandler struct {
- platform *operatorapi.SonataFlowPlatform
-func NewDataIndexHandler(platform *operatorapi.SonataFlowPlatform) PlatformServiceHandler {
- return DataIndexHandler{platform: platform}
-func (d DataIndexHandler) GetContainerName() string {
- return constants.DataIndexServiceName
-func (d DataIndexHandler) GetServiceImageName(persistenceType constants.PersistenceType) string {
- if persistenceType == constants.PersistenceTypePostgreSQL && len(cfg.GetCfg().DataIndexPostgreSQLImageTag) > 0 {
- return cfg.GetCfg().DataIndexPostgreSQLImageTag
- }
- if persistenceType == constants.PersistenceTypeEphemeral && len(cfg.GetCfg().DataIndexEphemeralImageTag) > 0 {
- return cfg.GetCfg().DataIndexEphemeralImageTag
- }
- // returns "docker.io/apache/incubator-kie-kogito-data-index-:"
- return fmt.Sprintf("%s-%s-%s:%s", constants.KogitoImageNamePrefix, constants.DataIndexName, persistenceType.String(), version.GetKogitoImagesTagVersion())
-func (d DataIndexHandler) GetServiceName() string {
- return fmt.Sprintf("%s-%s", d.platform.Name, constants.DataIndexServiceName)
-func (d DataIndexHandler) SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform) {
- psDI := NewDataIndexHandler(clusterRefPlatform)
- if !isServicesSet(d.platform) && psDI.IsServiceEnabledInSpec() {
- if d.platform.Status.ClusterPlatformRef != nil {
- if d.platform.Status.ClusterPlatformRef.Services == nil {
- d.platform.Status.ClusterPlatformRef.Services = &operatorapi.PlatformServicesStatus{}
- }
- d.platform.Status.ClusterPlatformRef.Services.DataIndexRef = &operatorapi.PlatformServiceRefStatus{
- Url: psDI.GetLocalServiceBaseUrl(),
- }
- }
- }
-func (d DataIndexHandler) SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow) {
- if !profiles.IsDevProfile(workflow) && d.IsServiceEnabled() {
- if workflow.Status.Services == nil {
- workflow.Status.Services = &operatorapi.PlatformServicesStatus{}
- }
- workflow.Status.Services.DataIndexRef = &operatorapi.PlatformServiceRefStatus{
- Url: d.GetServiceBaseUrl(),
- }
- }
-func (d DataIndexHandler) IsServiceSetInSpec() bool {
- return isDataIndexSet(d.platform)
-func (d DataIndexHandler) IsServiceEnabledInSpec() bool {
- return isDataIndexEnabled(d.platform)
-func (d DataIndexHandler) isServiceEnabledInStatus() bool {
- return d.platform != nil && d.platform.Status.ClusterPlatformRef != nil &&
- d.platform.Status.ClusterPlatformRef.Services != nil && d.platform.Status.ClusterPlatformRef.Services.DataIndexRef != nil &&
- !isServicesSet(d.platform)
-func (d DataIndexHandler) IsServiceEnabled() bool {
- return d.IsServiceEnabledInSpec() || d.isServiceEnabledInStatus()
-func (d DataIndexHandler) GetServiceBaseUrl() string {
- if d.IsServiceEnabledInSpec() {
- return d.GetLocalServiceBaseUrl()
- }
- if d.isServiceEnabledInStatus() {
- return d.platform.Status.ClusterPlatformRef.Services.DataIndexRef.Url
- }
- return ""
-func (d DataIndexHandler) GetLocalServiceBaseUrl() string {
- return GenerateServiceURL(constants.KogitoServiceURLProtocol, d.platform.Namespace, d.GetServiceName())
-func (d DataIndexHandler) GetEnvironmentVariables() []corev1.EnvVar {
- return []corev1.EnvVar{
- {
- Value: "http-events-support",
- },
- {
- Value: "true",
- },
- {
- Value: "/.*/",
- },
- }
-func (d DataIndexHandler) GetPodResourceRequirements() corev1.ResourceRequirements {
- return corev1.ResourceRequirements{
- Requests: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("100m"),
- corev1.ResourceMemory: resource.MustParse("1Gi"),
- },
- Limits: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("200m"),
- corev1.ResourceMemory: resource.MustParse("1Gi"),
- },
- }
-func (d DataIndexHandler) MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error) {
- c := podSpec.DeepCopy()
- err := mergo.Merge(c, d.platform.Spec.Services.DataIndex.PodTemplate.PodSpec.ToPodSpec(), mergo.WithOverride)
- return *c, err
-// hasPostgreSQLConfigured returns true when either the SonataFlow Platform PostgreSQL CR's structure or the one in the Data Index service specification is not nil
-func (d DataIndexHandler) hasPostgreSQLConfigured() bool {
- return d.IsServiceSetInSpec() &&
- ((d.platform.Spec.Services.DataIndex.Persistence != nil && d.platform.Spec.Services.DataIndex.Persistence.PostgreSQL != nil) ||
- (d.platform.Spec.Persistence != nil && d.platform.Spec.Persistence.PostgreSQL != nil))
-func (d DataIndexHandler) ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container {
- if d.hasPostgreSQLConfigured() {
- p := persistence.RetrieveConfiguration(d.platform.Spec.Services.DataIndex.Persistence, d.platform.Spec.Persistence, d.GetServiceName())
- c := containerSpec.DeepCopy()
- c.Image = d.GetServiceImageName(constants.PersistenceTypePostgreSQL)
- c.Env = append(c.Env, persistence.ConfigurePostgreSQLEnv(p.PostgreSQL, d.GetServiceName(), d.platform.Namespace)...)
- // specific to DataIndex
- c.Env = append(c.Env, corev1.EnvVar{Name: quarkusHibernateORMDatabaseGeneration, Value: "update"}, corev1.EnvVar{Name: quarkusFlywayMigrateAtStart, Value: "true"})
- return c
- }
- return containerSpec
-func (d DataIndexHandler) MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error) {
- c := containerSpec.DeepCopy()
- err := mergo.Merge(c, d.platform.Spec.Services.DataIndex.PodTemplate.Container.ToContainer(), mergo.WithOverride)
- return c, err
-func (d DataIndexHandler) GetReplicaCount() int32 {
- if d.platform.Spec.Services.DataIndex.PodTemplate.Replicas != nil {
- return *d.platform.Spec.Services.DataIndex.PodTemplate.Replicas
- }
- return 1
-func (d DataIndexHandler) GetServiceCmName() string {
- return fmt.Sprintf("%s-props", d.GetServiceName())
-func (d DataIndexHandler) GenerateServiceProperties() (*properties.Properties, error) {
- props := properties.NewProperties()
- props.Set(constants.KogitoServiceURLProperty, d.GetLocalServiceBaseUrl())
- props.Set(constants.DataIndexKafkaSmallRyeHealthProperty, "false")
- return props, nil
-type JobServiceHandler struct {
- platform *operatorapi.SonataFlowPlatform
-func NewJobServiceHandler(platform *operatorapi.SonataFlowPlatform) PlatformServiceHandler {
- return JobServiceHandler{platform: platform}
-func (j JobServiceHandler) GetContainerName() string {
- return constants.JobServiceName
-func (j JobServiceHandler) GetServiceImageName(persistenceType constants.PersistenceType) string {
- if persistenceType == constants.PersistenceTypePostgreSQL && len(cfg.GetCfg().JobsServicePostgreSQLImageTag) > 0 {
- return cfg.GetCfg().JobsServicePostgreSQLImageTag
- }
- if persistenceType == constants.PersistenceTypeEphemeral && len(cfg.GetCfg().JobsServiceEphemeralImageTag) > 0 {
- return cfg.GetCfg().JobsServiceEphemeralImageTag
- }
- // returns "docker.io/apache/incubator-kie-kogito-jobs-service-:"
- return fmt.Sprintf("%s-%s-%s:%s", constants.KogitoImageNamePrefix, constants.JobServiceName, persistenceType.String(), version.GetKogitoImagesTagVersion())
-func (j JobServiceHandler) GetServiceName() string {
- return fmt.Sprintf("%s-%s", j.platform.Name, constants.JobServiceName)
-func (j JobServiceHandler) GetServiceCmName() string {
- return fmt.Sprintf("%s-props", j.GetServiceName())
-func (j JobServiceHandler) SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform) {
- psJS := NewJobServiceHandler(clusterRefPlatform)
- if !isServicesSet(j.platform) && psJS.IsServiceEnabledInSpec() {
- if j.platform.Status.ClusterPlatformRef != nil {
- if j.platform.Status.ClusterPlatformRef.Services == nil {
- j.platform.Status.ClusterPlatformRef.Services = &operatorapi.PlatformServicesStatus{}
- }
- j.platform.Status.ClusterPlatformRef.Services.JobServiceRef = &operatorapi.PlatformServiceRefStatus{
- Url: psJS.GetLocalServiceBaseUrl(),
- }
- }
- }
-func (j JobServiceHandler) SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow) {
- if !profiles.IsDevProfile(workflow) && j.IsServiceEnabled() {
- if workflow.Status.Services == nil {
- workflow.Status.Services = &operatorapi.PlatformServicesStatus{}
- }
- workflow.Status.Services.JobServiceRef = &operatorapi.PlatformServiceRefStatus{
- Url: j.GetServiceBaseUrl(),
- }
- }
-func (j JobServiceHandler) IsServiceSetInSpec() bool {
- return isJobServiceSet(j.platform)
-func (j JobServiceHandler) IsServiceEnabledInSpec() bool {
- return isJobServiceEnabled(j.platform)
-func (j JobServiceHandler) isServiceEnabledInStatus() bool {
- return j.platform != nil && j.platform.Status.ClusterPlatformRef != nil &&
- j.platform.Status.ClusterPlatformRef.Services != nil && j.platform.Status.ClusterPlatformRef.Services.JobServiceRef != nil &&
- !isServicesSet(j.platform)
-func (j JobServiceHandler) IsServiceEnabled() bool {
- return j.IsServiceEnabledInSpec() || j.isServiceEnabledInStatus()
-func (j JobServiceHandler) GetServiceBaseUrl() string {
- if j.IsServiceEnabledInSpec() {
- return j.GetLocalServiceBaseUrl()
- }
- if j.isServiceEnabledInStatus() {
- return j.platform.Status.ClusterPlatformRef.Services.JobServiceRef.Url
- }
- return ""
-func (j JobServiceHandler) GetLocalServiceBaseUrl() string {
- return GenerateServiceURL(constants.JobServiceURLProtocol, j.platform.Namespace, j.GetServiceName())
-func (j JobServiceHandler) GetEnvironmentVariables() []corev1.EnvVar {
- return []corev1.EnvVar{
- {
- Value: "true",
- },
- {
- Value: "/.*/",
- },
- }
-func (j JobServiceHandler) GetPodResourceRequirements() corev1.ResourceRequirements {
- return corev1.ResourceRequirements{
- Requests: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("250m"),
- corev1.ResourceMemory: resource.MustParse("64Mi"),
- },
- Limits: corev1.ResourceList{
- corev1.ResourceCPU: resource.MustParse("500m"),
- corev1.ResourceMemory: resource.MustParse("1Gi"),
- },
- }
-func (j JobServiceHandler) GetReplicaCount() int32 {
- return 1
-func (j JobServiceHandler) MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error) {
- c := containerSpec.DeepCopy()
- err := mergo.Merge(c, j.platform.Spec.Services.JobService.PodTemplate.Container.ToContainer(), mergo.WithOverride)
- return c, err
-// hasPostgreSQLConfigured returns true when either the SonataFlow Platform PostgreSQL CR's structure or the one in the Job service specification is not nil
-func (j JobServiceHandler) hasPostgreSQLConfigured() bool {
- return j.IsServiceSetInSpec() &&
- ((j.platform.Spec.Services.JobService.Persistence != nil && j.platform.Spec.Services.JobService.Persistence.PostgreSQL != nil) ||
- (j.platform.Spec.Persistence != nil && j.platform.Spec.Persistence.PostgreSQL != nil))
-func (j JobServiceHandler) ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container {
- if j.hasPostgreSQLConfigured() {
- c := containerSpec.DeepCopy()
- c.Image = j.GetServiceImageName(constants.PersistenceTypePostgreSQL)
- p := persistence.RetrieveConfiguration(j.platform.Spec.Services.JobService.Persistence, j.platform.Spec.Persistence, j.GetServiceName())
- c.Env = append(c.Env, persistence.ConfigurePostgreSQLEnv(p.PostgreSQL, j.GetServiceName(), j.platform.Namespace)...)
- // Specific to Job Service
- c.Env = append(c.Env, corev1.EnvVar{Name: "QUARKUS_FLYWAY_MIGRATE_AT_START", Value: "true"})
- return c
- }
- return containerSpec
-func (j JobServiceHandler) MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error) {
- c := podSpec.DeepCopy()
- err := mergo.Merge(c, j.platform.Spec.Services.JobService.PodTemplate.PodSpec.ToPodSpec(), mergo.WithOverride)
- return *c, err
-func (j JobServiceHandler) GenerateServiceProperties() (*properties.Properties, error) {
- props := properties.NewProperties()
- props.Set(constants.KogitoServiceURLProperty, GenerateServiceURL(constants.KogitoServiceURLProtocol, j.platform.Namespace, j.GetServiceName()))
- props.Set(constants.JobServiceKafkaSmallRyeHealthProperty, "false")
- // add data source reactive URL
- if j.hasPostgreSQLConfigured() {
- p := persistence.RetrieveConfiguration(j.platform.Spec.Services.JobService.Persistence, j.platform.Spec.Persistence, j.GetServiceName())
- dataSourceReactiveURL, err := generateReactiveURL(p.PostgreSQL, j.GetServiceName(), j.platform.Namespace, constants.DefaultDatabaseName, constants.DefaultPostgreSQLPort)
- if err != nil {
- return nil, err
- }
- props.Set(constants.JobServiceDataSourceReactiveURL, dataSourceReactiveURL)
- }
- if isDataIndexEnabled(j.platform) {
- di := NewDataIndexHandler(j.platform)
- props.Set(constants.JobServiceStatusChangeEvents, "true")
- props.Set(constants.JobServiceStatusChangeEventsURL, di.GetLocalServiceBaseUrl()+"/jobs")
- }
- props.Sort()
- return props, nil
-func SetServiceUrlsInWorkflowStatus(pl *operatorapi.SonataFlowPlatform, workflow *operatorapi.SonataFlow) {
- tpsDI := NewDataIndexHandler(pl)
- tpsJS := NewJobServiceHandler(pl)
- workflow.Status.Services = nil
- tpsDI.SetServiceUrlInWorkflowStatus(workflow)
- tpsJS.SetServiceUrlInWorkflowStatus(workflow)
-func isDataIndexEnabled(platform *operatorapi.SonataFlowPlatform) bool {
- return isDataIndexSet(platform) && platform.Spec.Services.DataIndex.Enabled != nil &&
- *platform.Spec.Services.DataIndex.Enabled
-func isJobServiceEnabled(platform *operatorapi.SonataFlowPlatform) bool {
- return isJobServiceSet(platform) && platform.Spec.Services.JobService.Enabled != nil &&
- *platform.Spec.Services.JobService.Enabled
-func isDataIndexSet(platform *operatorapi.SonataFlowPlatform) bool {
- return isServicesSet(platform) && platform.Spec.Services.DataIndex != nil
-func isJobServiceSet(platform *operatorapi.SonataFlowPlatform) bool {
- return isServicesSet(platform) && platform.Spec.Services.JobService != nil
-func isServicesSet(platform *operatorapi.SonataFlowPlatform) bool {
- return platform != nil && platform.Spec.Services != nil
-func GenerateServiceURL(protocol string, namespace string, name string) string {
- var serviceUrl string
- if len(namespace) > 0 {
- serviceUrl = fmt.Sprintf("%s://%s.%s", protocol, name, namespace)
- } else {
- serviceUrl = fmt.Sprintf("%s://%s", protocol, name)
- }
- return serviceUrl
diff --git a/packages/sonataflow-operator/controllers/profiles/common/constants/platform_services.go b/packages/sonataflow-operator/controllers/profiles/common/constants/platform_services.go
deleted file mode 100644
index f6fceec9301..00000000000
--- a/packages/sonataflow-operator/controllers/profiles/common/constants/platform_services.go
+++ /dev/null
@@ -1,78 +0,0 @@
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package constants
-const (
- QuarkusHTTP = "quarkus-http"
- ConfigMapWorkflowPropsVolumeName = "workflow-properties"
- JobServiceRequestEventsURL = "mp.messaging.outgoing.kogito-job-service-job-request-events.url"
- JobServiceRequestEventsConnector = "mp.messaging.outgoing.kogito-job-service-job-request-events.connector"
- JobServiceStatusChangeEvents = "kogito.jobs-service.http.job-status-change-events"
- JobServiceStatusChangeEventsURL = "mp.messaging.outgoing.kogito-job-service-job-status-events-http.url"
- JobServiceURLProtocol = "http"
- JobServiceDataSourceReactiveURL = "quarkus.datasource.reactive.url"
- JobServiceJobEventsPath = "/v2/jobs/events"
- KogitoProcessInstancesEventsURL = "mp.messaging.outgoing.kogito-processinstances-events.url"
- KogitoProcessInstancesEventsEnabled = "kogito.events.processinstances.enabled"
- KogitoProcessInstancesEventsPath = "/processes"
- KogitoProcessDefinitionsEventsURL = "mp.messaging.outgoing.kogito-processdefinitions-events.url"
- KogitoProcessDefinitionsEventsEnabled = "kogito.events.processdefinitions.enabled"
- KogitoProcessDefinitionsEventsErrorsEnabled = "kogito.events.processdefinitions.errors.propagate"
- KogitoProcessDefinitionsEventsPath = "/definitions"
- KogitoUserTasksEventsEnabled = "kogito.events.usertasks.enabled"
- // KogitoDataIndexHealthCheckEnabled configures if a workflow must check for the data index availability as part
- // of its start health check.
- KogitoDataIndexHealthCheckEnabled = "kogito.data-index.health-enabled"
- // KogitoDataIndexURL configures the data index url, this value can be used internally by the workflow.
- KogitoDataIndexURL = "kogito.data-index.url"
- KogitoDataIndexQuarkusDevUICors = "%dev.quarkus.dev-ui.cors.enabled"
- // KogitoJobServiceHealthCheckEnabled configures if a workflow must check for the job service availability as part
- // of its start health check.
- KogitoJobServiceHealthCheckEnabled = "kogito.jobs-service.health-enabled"
- // KogitoJobServiceURL configures the jobs service, this value can be used internally by the workflow.
- KogitoJobServiceURL = "kogito.jobs-service.url"
- KogitoServiceURLProperty = "kogito.service.url"
- KogitoServiceURLProtocol = "http"
- DataIndexKafkaSmallRyeHealthProperty = `quarkus.smallrye-health.check."io.quarkus.kafka.client.health.KafkaHealthCheck".enabled`
- JobServiceKafkaSmallRyeHealthProperty = `quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`
- DataIndexServiceName = "data-index-service"
- JobServiceName = "jobs-service"
- ImageNamePrefix = "docker.io/apache/incubator-kie-kogito"
- KogitoImageNamePrefix = "docker.io/apache/incubator-kie-kogito"
- DataIndexName = "data-index"
- DefaultDatabaseName string = "sonataflow"
- DefaultPostgreSQLPort int = 5432
-type PersistenceType string
-const (
- PersistenceTypePostgreSQL PersistenceType = "postgresql"
- PersistenceTypeEphemeral PersistenceType = "ephemeral"
-func (p PersistenceType) String() string {
- return string(p)
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/deployment_handler.go b/packages/sonataflow-operator/controllers/profiles/preview/deployment_handler.go
deleted file mode 100644
index 7a6947c964f..00000000000
--- a/packages/sonataflow-operator/controllers/profiles/preview/deployment_handler.go
+++ /dev/null
@@ -1,131 +0,0 @@
-// Copyright 2023 Red Hat, Inc. and/or its affiliates
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-package preview
-import (
- "context"
- v1 "k8s.io/api/core/v1"
- ctrl "sigs.k8s.io/controller-runtime"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
- "sigs.k8s.io/controller-runtime/pkg/reconcile"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
-type DeploymentReconciler struct {
- *common.StateSupport
- ensurers *ObjectEnsurers
-func NewDeploymentReconciler(stateSupport *common.StateSupport, ensurer *ObjectEnsurers) *DeploymentReconciler {
- return &DeploymentReconciler{
- StateSupport: stateSupport,
- ensurers: ensurer,
- }
-func (d *DeploymentReconciler) Reconcile(ctx context.Context, workflow *operatorapi.SonataFlow) (reconcile.Result, []client.Object, error) {
- return d.reconcileWithBuiltImage(ctx, workflow, "")
-func (d *DeploymentReconciler) reconcileWithBuiltImage(ctx context.Context, workflow *operatorapi.SonataFlow, image string) (reconcile.Result, []client.Object, error) {
- pl, _ := platform.GetActivePlatform(ctx, d.C, workflow.Namespace)
- userPropsCM, _, err := d.ensurers.userPropsConfigMap.Ensure(ctx, workflow)
- if err != nil {
- workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, "Unable to retrieve the user properties config map")
- _, err = d.PerformStatusUpdate(ctx, workflow)
- return ctrl.Result{}, nil, err
- }
- managedPropsCM, _, err := d.ensurers.managedPropsConfigMap.Ensure(ctx, workflow, pl,
- common.ManagedPropertiesMutateVisitor(ctx, d.StateSupport.Catalog, workflow, pl, userPropsCM.(*v1.ConfigMap)))
- if err != nil {
- workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, "Unable to retrieve the managed properties config map")
- _, err = d.PerformStatusUpdate(ctx, workflow)
- return ctrl.Result{}, nil, err
- }
- deployment, deploymentOp, err :=
- d.ensurers.deployment.Ensure(
- ctx,
- workflow,
- pl,
- d.getDeploymentMutateVisitors(workflow, pl, image, userPropsCM.(*v1.ConfigMap), managedPropsCM.(*v1.ConfigMap))...,
- )
- if err != nil {
- workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentUnavailableReason, "Unable to perform the deploy due to ", err)
- _, err = d.PerformStatusUpdate(ctx, workflow)
- return reconcile.Result{}, nil, err
- }
- service, _, err := d.ensurers.service.Ensure(ctx, workflow, common.ServiceMutateVisitor(workflow))
- if err != nil {
- workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentUnavailableReason, "Unable to make the service available due to ", err)
- _, err = d.PerformStatusUpdate(ctx, workflow)
- return reconcile.Result{}, nil, err
- }
- knativeObjs, err := common.NewKnativeEventingHandler(d.StateSupport).Ensure(ctx, workflow)
- if err != nil {
- return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, nil, err
- }
- objs := []client.Object{deployment, service, managedPropsCM}
- objs = append(objs, knativeObjs...)
- if deploymentOp == controllerutil.OperationResultCreated {
- workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.WaitingForDeploymentReason, "")
- if _, err := d.PerformStatusUpdate(ctx, workflow); err != nil {
- return reconcile.Result{Requeue: false}, nil, err
- }
- return reconcile.Result{RequeueAfter: constants.RequeueAfterFollowDeployment, Requeue: true}, objs, nil
- }
- // Follow deployment status
- result, err := common.DeploymentManager(d.C).SyncDeploymentStatus(ctx, workflow)
- if err != nil {
- return reconcile.Result{Requeue: false}, nil, err
- }
- if _, err := d.PerformStatusUpdate(ctx, workflow); err != nil {
- return reconcile.Result{Requeue: false}, nil, err
- }
- return result, objs, nil
-func (d *DeploymentReconciler) getDeploymentMutateVisitors(
- workflow *operatorapi.SonataFlow,
- plf *operatorapi.SonataFlowPlatform,
- image string,
- userPropsCM *v1.ConfigMap,
- managedPropsCM *v1.ConfigMap) []common.MutateVisitor {
- if utils.IsOpenShift() {
- return []common.MutateVisitor{common.DeploymentMutateVisitor(workflow, plf),
- mountProdConfigMapsMutateVisitor(workflow, userPropsCM, managedPropsCM),
- addOpenShiftImageTriggerDeploymentMutateVisitor(workflow, image),
- common.ImageDeploymentMutateVisitor(workflow, image),
- common.RolloutDeploymentIfCMChangedMutateVisitor(workflow, userPropsCM, managedPropsCM),
- }
- }
- return []common.MutateVisitor{common.DeploymentMutateVisitor(workflow, plf),
- common.ImageDeploymentMutateVisitor(workflow, image),
- mountProdConfigMapsMutateVisitor(workflow, userPropsCM, managedPropsCM),
- common.RolloutDeploymentIfCMChangedMutateVisitor(workflow, userPropsCM, managedPropsCM)}
diff --git a/packages/sonataflow-operator/docs/CONTRIBUTING.md b/packages/sonataflow-operator/docs/CONTRIBUTING.md
deleted file mode 100644
index 2af83748b5f..00000000000
--- a/packages/sonataflow-operator/docs/CONTRIBUTING.md
+++ /dev/null
@@ -1,256 +0,0 @@
-# We love contributions!
-- [We love contributions!](#we-love-contributions)
- - [How can I contribute?](#how-can-i-contribute)
- - [Contributing to the SonataFlow Operator codebase](#contributing-to-the-sonataflow-operator-codebase)
- - [Contributing to the SonataFlow Operator](#contributing-to-the-sonataflow-operator)
- - [Prerequisites](#prerequisites)
- - [Getting Started](#getting-started)
- - [Test It Out locally](#test-it-out-locally)
- - [How-tos](#how-tos)
- - [Modifying the API definitions](#modifying-the-api-definitions)
- - [Building](#building)
- - [Deploy](#deploy)
- - [Undeploy](#undeploy)
- - [Running the operator on the cluster](#running-the-operator-on-the-cluster)
- - [Configuration](#configuration)
- - [Customize Builder Image](#customize-builder-image)
-- [Development status](#development-status)
- - [General notes](#general-notes)
- - [Workflow CR](#workflow-cr)
- - [Platform CR](#platform-cr)
- - [Improvements](#improvements)
-- [Tekton Pipeline to build and deploy the Operator](#tekton-pipeline-to-build-and-deploy-the-operator)
-## How can I contribute?
-There are many ways you can contribute to SonataFlow Operator, not only software development, as well as
-with the rest of Kogito community:
-- Contribute actively to development (see the section below)
-- Use it and report any feedback, improvement or bug you may find via Github, mailing list or chat.
-- Contribute by writing missing documentation or blog posts about the features around Kogito
-- Tweet, like and socialize Kogito in your preferred social network
-- Enjoy the talks that the contributors submit in various conferences around the world
-## Contributing to the SonataFlow Operator codebase
-The main project is written in go.
-SonataFlow Operator is built on top of Kubernetes through Custom Resource Definitions.
-- Workflow
-- Platform
-- Build
-This project aims to follow the
-Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
-It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/)
-which provides a reconcile function responsible for synchronizing resources untile the desired state is reached on the
-## Contributing to the SonataFlow Operator
-### Prerequisites
-The Operator's controllers and the configurations are generated using the Operator sdk, the tasks are executed using a
-More information about annotations can be found via
-the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
-In order to build the project, you need to comply with the following requirements:
-- [operator-sdk-v1.25.0+](https://sdk.operatorframework.io/docs/building-operators/golang/installation/)
-- [Go 1.21+](https://go.dev/dl/)
-- [Kubebuilder 3.7.0+](https://github.com/kubernetes-sigs/kubebuilder/releases)
-- [CEKit 4.8.0+](https://cekit.io/)
-GNU Make:
-Used to define composite build actions. This should be already installed or available as a
-package (https://www.gnu.org/software/make/).
-> **NOTE:** Run `make help` for more information on all potential `make` targets
-### Getting Started
-You’ll need a Kubernetes cluster to run against. You can use:
-- [KIND](https://sigs.k8s.io/kind)
-- [MINIKUBE](https://minikube.sigs.k8s.io)
-- [Openshift Local](https://console.redhat.com/openshift/create/local)
-- [Openshift-developer-sandbox-trial](https://www.redhat.com/en/technologies/cloud-computing/openshift/openshift-developer-sandbox-trial)
-> **NOTE:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever
-> cluster `kubectl cluster-info` shows).
-> **IMPORTANT**: Please make sure that your [kubectl](https://kubernetes.io/docs/tasks/tools/) is version 1.24.0 or
-> later
-> since there's a bug performing validation on default attributes in Custom Resources.
-### Test It Out locally
-You can launch the operator locally and bind to your cluster.
-1. Install the CRDs into the cluster:
-make install
-2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):
-```sh Kubernetes cluster to run against. You can use:
-make run
-> **NOTE:** You can also run this in one step by running: `make install run`
-> **NOTE:** Run `make help` for more information on all potential `make` targets
-More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
-### How-tos
-#### Modifying the API definitions
-If you are editing the API definitions, generate the manifests such as CRs or CRDs using:
-make manifests
-#### Building
-make container-build
-#### Deploy
-make deploy
-#### Undeploy
-make undeploy
-### Change log level
-By Default the log level is set to show only ERRORS with
-- "--v=0"
-inside the manager_auth_proxy_patch.yaml in the containers' section of kube-rbac-proxy and manager.
-With the
-make generate-all
-whese values will be replicated on operator.yaml and on sonataflow-operator.clusterserviceversion.yaml containers' sections.
-If you want to see the INFO msg replace v=0 with v=2 in the files during the development or in the deployment files on the cluster
-The available levels are:
-- v=0 > Error
-- v=1 > Warning
-- v=2 >Info
-- v=3 > Debug
-### Running the operator on the cluster
-See the section on [README](../README.md#getting-started)
-### Configuration
-A configmap called `sonataflow-operator-builder-config` will be created under the `sonataflow-operator-system` namespace
-when the Operator will be installed, and it contains:
-- Dockerfile = ``
-## Customize Builder Image
-At the startup a [Dockerfile](../config/manager/SonataFlow-Builder.containerfile) is placed in a configmap. This
-Dockerfile uses a base image
-called [sonataflow-builder](https://github.com/kiegroup/kogito-images/tree/master/modules/sonataflow-builder) with:
-- openjdk 11+
-- maven 3.8.6+
-- a Quarkus project `/home/kogito/serverless-workflow-project` with those extensions:
- - quarkus-kubernetes
- - kogito-quarkus-serverless-workflow
- - kogito-addons-quarkus-knative-eventing
-- all the dependencies of Quarkus and the extensions stored in the `/home/kogito/.m2` directory in the image.
-There are, in the base image, some additional scripts in case of need to apply changes like this:
-- add other quarkus extensions in `/home/kogito/launch/add-extension.sh`
-- build the project after adding other files/java classes in `/home/kogito/launch/build-app.sh`
-- create a new project in `/home/kogito/launch/create-app.sh`
-You can customize your final Image changing the Dockerfile in the configmap sonataflow-operator-builder-config
-accordingly to your specific needs.
-# Development status
-## General notes
-### Workflow CR
-- At the moment we are supporting only deployment of services on Kubernetes
-### Platform CR
-- The only tested features are the ones related to the docker Registry customization and so:
- apiVersion: sonataflow.org/v1alpha08
- kind: SonataFlowPlatform
- metadata:
- name: greeting-workflow-platform
- spec:
- platform:
- registry:
- address: // the URI to access
- secret: // the secret where credentials are stored
- insecure: true // if the container registry is insecure (ie, http only)
- ca: // the configmap which stores the Certificate Authority
- organization: // the registry organization
-## Improvements
-- Introduce actions into Workflow and Build controller to improve code clarity
-- Add Trait to the Platform CR in order to be able to deploy on different context (i.e. KNative)
-- Test the Kaniko cache feature
-- Improve the workflow converters in order to support all the SonataFlow Workflow features
-# Tekton Pipeline to build and deploy the Operator
-Setup a [pipeline](docs/PIPELINE.md) on a Openshift cluster.
diff --git a/packages/sonataflow-operator/docs/PIPELINE.md b/packages/sonataflow-operator/docs/PIPELINE.md
deleted file mode 100644
index 786eab00093..00000000000
--- a/packages/sonataflow-operator/docs/PIPELINE.md
+++ /dev/null
@@ -1,144 +0,0 @@
-## Install and configure a Tekton pipeline on Openshift
-1. Install Red Hat OpenShift Pipelines on `latest` channel from the Operator Hub using the Openshift UI
-2. If you want interact via cli with the pipeline you can install locally Tekton cli
- To interact with the pipelines, you can download from the details of the operator installed (i.e. crc link) :
- https://tkn-cli-serve-openshift-pipelines.apps-crc.testing/tkn/tkn-linux-amd64.tar.gz
- The version proposed by the Operator is correctly aligned version with the tekton version.
-3. If isn't yet created, create the project `sonataflow-operator-system`
-oc new-project sonataflow-operator-system
-4. Install the Tekton `kubernetes-actions` task
-kubectl apply -f https://api.hub.tekton.dev/v1/resource/tekton/task/kubernetes-actions/0.2/raw
-5. Apply the cluster role and cluster role binding
-kubectl create -f tekton/role/cluster_role.yaml
-kubectl create -f tekton/role/cluster_role_binding.yaml
-6. Create the pipeline
-kubectl apply -f tekton/pipeline/kogito_serverless_operator_pipeline.yaml
-7. Create a pipeline run
-kubectl apply -f tekton/pipeline/kogito_serverless_operator_pipeline_run.yaml
-or with the Tekton cli:
-tkn pipeline start sonataflow-operator-pipeline \
- -w name=shared-workspace,volumeClaimTemplateFile=https://raw.githubusercontent.com/apache/incubator-kie-sonataflow-operator/main/tekton/volume/persistent_volume.yaml \
- -p deployment-name=sonataflow-operator \
- -p git-url=https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator.git \
- -p git-revision=main \
- -p IMAGE='image-registry.openshift-image-registry.svc:5000/sonataflow-operator-system/sonataflow-operator:latest' \
- --use-param-defaults
-8. Check the Pipeline execution
-Open the Pipeline menu under the namespace/project `sonataflow-operator-system`
-or with the Tekton cli (use the pipeline run id):
-tkn pipelinerun logs sonataflow-operator-pipeline-run- -f -n
-### How to see the content of the workspace
-1. Create the task `show_workspace_content`
-kubectl apply -f tekton/task/show_workspace_content.yaml
-2. Add the task `show-workspace` in the pipeline after the `fetch-repository` or `build-image`
-### How to redeploy
-Go to the pipeline runs and ask for a rerun of a previous pipeline run
-## Trigger the pipeline on GithubEvents
-1. Create the trigger binding
-oc create -f tekton/trigger/trigger_binding.yaml
-2. Create the trigger template
-oc create -f tekton/trigger/trigger_template.yaml
-3. Create the trigger resource
-oc create -f tekton/trigger/trigger_resource.yaml
-4. Add a label to enable the secure HTTPS connection to the Eventlistener resource
-oc label namespace sonataflow-operator-system operator.tekton.dev/enable-annotation=enabled
-5. Create the Event listener trigger
-oc create -f tekton/trigger/trigger_event_listener.yaml
-6. Create a route with the re-encrypted TLS termination
-oc create route reencrypt --service=el-sonataflow-operator-webhook --cert=tls.crt --key=tls.key --ca-cert=ca.crt --hostname=
-7. Check the webhook
-tkn el -n sonataflow-operator-pipeline ls
-kubectl get pods,svc -n sonataflow-operator-pipeline -l eventlistener=sonataflow-operator-webhook
-8. Add a webhook in your github/gitlab repo with the url of the listener on openshift
-9. Authenticating pipelines using git secret
- https://docs.openshift.com/container-platform/4.12/cicd/pipelines/authenticating-pipelines-using-git-secret.html
diff --git a/packages/sonataflow-operator/env/index.js b/packages/sonataflow-operator/env/index.js
index fdb5568d930..85a7e1b3d2a 100644
--- a/packages/sonataflow-operator/env/index.js
+++ b/packages/sonataflow-operator/env/index.js
@@ -21,6 +21,10 @@ const { varsWithName, composeEnv, getOrDefault } = require("@kie-tools-scripts/b
const sonataflowBuilderImageEnv = require("@kie-tools/sonataflow-builder-image/env");
const sonataflowDevModeImageEnv = require("@kie-tools/sonataflow-devmode-image/env");
+const kogitoJobsServiceEphemeralImageEnv = require("@kie/kogito-jobs-service-ephemeral-image/env");
+const kogitoJobsServicePostgresqlImageEnv = require("@kie/kogito-jobs-service-postgresql-image/env");
+const kogitoDataIndexEphemeralImageEnv = require("@kie/kogito-data-index-ephemeral-image/env");
+const kogitoDataIndexPostgresqlImageEnv = require("@kie/kogito-data-index-postgresql-image/env");
const rootEnv = require("@kie-tools/root-env/env");
module.exports = composeEnv([rootEnv, sonataflowBuilderImageEnv, sonataflowDevModeImageEnv], {
@@ -49,10 +53,26 @@ module.exports = composeEnv([rootEnv, sonataflowBuilderImageEnv, sonataflowDevMo
default: `${sonataflowDevModeImageEnv.env.sonataflowDevModeImage.registry}/${sonataflowDevModeImageEnv.env.sonataflowDevModeImage.account}/${sonataflowDevModeImageEnv.env.sonataflowDevModeImage.name}:${sonataflowDevModeImageEnv.env.sonataflowDevModeImage.buildTag}`,
description: "Sonataflow DevMode image",
+ SONATAFLOW_OPERATOR__kogitoJobsServiceEphemeralImage: {
+ default: `${kogitoJobsServiceEphemeralImageEnv.env.kogitoJobsServiceEphemeralImage.registry}/${kogitoJobsServiceEphemeralImageEnv.env.kogitoJobsServiceEphemeralImage.account}/${kogitoJobsServiceEphemeralImageEnv.env.kogitoJobsServiceEphemeralImage.name}:${kogitoJobsServiceEphemeralImageEnv.env.kogitoJobsServiceEphemeralImage.buildTag}`,
+ description: "Kogito Jobs Service Ephemeral image",
+ },
+ SONATAFLOW_OPERATOR__kogitoJobsServicePostgresqlImage: {
+ default: `${kogitoJobsServicePostgresqlImageEnv.env.kogitoJobsServicePostgresqlImage.registry}/${kogitoJobsServicePostgresqlImageEnv.env.kogitoJobsServicePostgresqlImage.account}/${kogitoJobsServicePostgresqlImageEnv.env.kogitoJobsServicePostgresqlImage.name}:${kogitoJobsServicePostgresqlImageEnv.env.kogitoJobsServicePostgresqlImage.buildTag}`,
+ description: "Kogito Jobs Service PostgreSQL image",
+ },
+ SONATAFLOW_OPERATOR__kogitoDataIndexEphemeralImage: {
+ default: `${kogitoDataIndexEphemeralImageEnv.env.kogitoDataIndexEphemeralImage.registry}/${kogitoDataIndexEphemeralImageEnv.env.kogitoDataIndexEphemeralImage.account}/${kogitoDataIndexEphemeralImageEnv.env.kogitoDataIndexEphemeralImage.name}:${kogitoDataIndexEphemeralImageEnv.env.kogitoDataIndexEphemeralImage.buildTag}`,
+ description: "Kogito Data Index Ephemeral image",
+ },
+ SONATAFLOW_OPERATOR__kogitoDataIndexPostgresqlImage: {
+ default: `${kogitoDataIndexPostgresqlImageEnv.env.kogitoDataIndexPostgresqlImage.registry}/${kogitoDataIndexPostgresqlImageEnv.env.kogitoDataIndexPostgresqlImage.account}/${kogitoDataIndexPostgresqlImageEnv.env.kogitoDataIndexPostgresqlImage.name}:${kogitoDataIndexPostgresqlImageEnv.env.kogitoDataIndexPostgresqlImage.buildTag}`,
+ description: "Kogito Data Index PostgreSQL image",
+ },
get env() {
return {
- sontaflowOperator: {
+ sonataFlowOperator: {
registry: getOrDefault(this.vars.SONATAFLOW_OPERATOR__registry),
account: getOrDefault(this.vars.SONATAFLOW_OPERATOR__account),
name: getOrDefault(this.vars.SONATAFLOW_OPERATOR__name),
@@ -60,6 +80,10 @@ module.exports = composeEnv([rootEnv, sonataflowBuilderImageEnv, sonataflowDevMo
version: require("../package.json").version,
sonataflowBuilderImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__sonataflowBuilderImage),
sonataflowDevModeImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__sonataflowDevModeImage),
+ kogitoJobsServiceEphemeralImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__kogitoJobsServiceEphemeralImage),
+ kogitoJobsServicePostgresqlImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__kogitoJobsServicePostgresqlImage),
+ kogitoDataIndexEphemeralImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__kogitoDataIndexEphemeralImage),
+ kogitoDataIndexPostgresqlImage: getOrDefault(this.vars.SONATAFLOW_OPERATOR__kogitoDataIndexPostgresqlImage),
diff --git a/packages/sonataflow-operator/go.mod b/packages/sonataflow-operator/go.mod
index f9433696a96..3840aaa295a 100644
--- a/packages/sonataflow-operator/go.mod
+++ b/packages/sonataflow-operator/go.mod
@@ -1,6 +1,6 @@
module github.com/apache/incubator-kie-tools/packages/sonataflow-operator
-go 1.21
+go 1.22.0
// Internal dependencies
replace (
@@ -11,125 +11,125 @@ replace (
// Direct dependencies (please keep organized, no indirects)
require (
- github.com/RHsyseng/operator-utils v1.4.13
github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api v0.0.0
github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder v0.0.0
github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj v0.0.0
- github.com/go-logr/logr v1.2.4 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
+ github.com/go-logr/logr v1.4.2 // indirect
+ github.com/imdario/mergo v0.3.16
github.com/magiconair/properties v1.8.7
- github.com/onsi/ginkgo/v2 v2.13.0
- github.com/onsi/gomega v1.30.0
- github.com/openshift/api v0.0.0-20230522130544-0eef84f63102
- github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb
+ github.com/onsi/ginkgo/v2 v2.19.0
+ github.com/onsi/gomega v1.33.1
+ github.com/openshift/api v0.0.0-20240618205917-987b8890c273
+ github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87
github.com/pkg/errors v0.9.1
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.55.1
- github.com/serverlessworkflow/sdk-go/v2 v2.2.5
- github.com/stretchr/testify v1.8.4
- k8s.io/api v0.27.6
- k8s.io/apimachinery v0.27.6
- k8s.io/client-go v0.27.6
+ github.com/serverlessworkflow/sdk-go/v2 v2.4.2
+ github.com/stretchr/testify v1.9.0
+ k8s.io/api v0.31.1
+ k8s.io/apimachinery v0.31.1
+ k8s.io/client-go v0.31.1
+ k8s.io/klog/v2 v2.130.1
+ k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
+ knative.dev/eventing v0.39.4
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
- knative.dev/serving v0.39.0
- sigs.k8s.io/controller-runtime v0.15.0
- sigs.k8s.io/yaml v1.3.0
-require (
- github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
- github.com/imdario/mergo v0.3.16
- k8s.io/klog/v2 v2.100.1
- knative.dev/eventing v0.26.0
+ knative.dev/serving v0.39.4
+ sigs.k8s.io/controller-runtime v0.19.0
+ sigs.k8s.io/yaml v1.4.0
require (
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
+ github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blendle/zapdriver v1.3.1 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
- github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cespare/xxhash/v2 v2.3.0 // indirect
+ github.com/cloudevents/sdk-go/sql/v2 v2.13.0 // indirect
github.com/cloudevents/sdk-go/v2 v2.15.2 // indirect
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
- github.com/emicklei/go-restful/v3 v3.10.2 // indirect
- github.com/evanphx/json-patch v5.6.0+incompatible // indirect
- github.com/evanphx/json-patch/v5 v5.7.0 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/ghodss/yaml v1.0.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+ github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
- github.com/go-playground/locales v0.14.0 // indirect
- github.com/go-playground/universal-translator v0.18.0 // indirect
- github.com/go-playground/validator/v10 v10.11.1 // indirect
- github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+ github.com/go-playground/locales v0.14.1 // indirect
+ github.com/go-playground/universal-translator v0.18.1 // indirect
+ github.com/go-playground/validator/v10 v10.22.1 // indirect
+ github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/gnostic v0.6.9 // indirect
+ github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-containerregistry v0.13.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect
- github.com/google/uuid v1.3.1 // indirect
- github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+ github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/gorilla/websocket v1.5.0 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/jpillora/backoff v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kelseyhightower/envconfig v1.4.0 // indirect
- github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/leodido/go-urn v1.4.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
- github.com/moby/spdystream v0.2.0 // indirect
+ github.com/moby/spdystream v0.4.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pb33f/libopenapi v0.8.4 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.17.0 // indirect
- github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.11.1 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
+ github.com/prometheus/client_model v0.6.1 // indirect
+ github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
github.com/prometheus/statsd_exporter v0.22.7 // indirect
- github.com/relvacode/iso8601 v1.3.0 // indirect
+ github.com/relvacode/iso8601 v1.4.0 // indirect
github.com/rickb777/date v1.13.0 // indirect
github.com/rickb777/plural v1.2.1 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 // indirect
- github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 // indirect
+ github.com/sosodev/duration v1.3.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
- golang.org/x/crypto v0.21.0 // indirect
- golang.org/x/net v0.23.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
- golang.org/x/sync v0.4.0 // indirect
- golang.org/x/sys v0.18.0 // indirect
- golang.org/x/term v0.18.0 // indirect
- golang.org/x/text v0.14.0 // indirect
- golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.14.0 // indirect
+ golang.org/x/crypto v0.28.0 // indirect
+ golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 // indirect
+ golang.org/x/net v0.28.0 // indirect
+ golang.org/x/oauth2 v0.21.0 // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/api v0.147.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
- google.golang.org/grpc v1.58.3 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/api v0.169.0 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+ google.golang.org/grpc v1.65.0 // indirect
+ google.golang.org/protobuf v1.34.2 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.27.6 // indirect
- k8s.io/component-base v0.27.6 // indirect
- k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 // indirect
- k8s.io/utils v0.0.0-20230711102312-30195339c3c7 // indirect
+ k8s.io/apiextensions-apiserver v0.31.0 // indirect
+ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
diff --git a/packages/sonataflow-operator/go.sum b/packages/sonataflow-operator/go.sum
index 6840954e565..f4d970a08a6 100644
--- a/packages/sonataflow-operator/go.sum
+++ b/packages/sonataflow-operator/go.sum
@@ -13,7 +13,6 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -22,7 +21,6 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -34,34 +32,11 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d h1:LblfooH1lKOpp1hIhukktmSAxFkqMPFk9KR6iZ0MJNI=
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d/go.mod h1:IshRmMJBhDfFj5Y67nVhMYTTIze91RUeT73ipWKs/GY=
-contrib.go.opencensus.io/exporter/prometheus v0.4.0/go.mod h1:o7cosnyfuPVK0tB8q0QmaQNhGnptITnPQB+z1+qeFB0=
contrib.go.opencensus.io/exporter/prometheus v0.4.2 h1:sqfsYl5GIY/L570iT+l93ehxaWJs2/OwXtiWwew3oAg=
contrib.go.opencensus.io/exporter/prometheus v0.4.2/go.mod h1:dvEHbiKmgvbr5pjaF9fpw1KeYcjrnC1J8B+JKjsZyRQ=
-contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj3gsxcuytSqtH0dxSWW1RE=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/RHsyseng/operator-utils v1.4.13 h1:kCsvBXm1Y3AEfzjioUvk/RmOigM/+czd/U5YQ3SZXx8=
-github.com/RHsyseng/operator-utils v1.4.13/go.mod h1:f+GrcLNALoHBPonk3P6KCwPK5kYyHhkqj4vuCP2Eijc=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8=
-github.com/alecthomas/jsonschema v0.0.0-20180308105923-f2c93856175a/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -69,112 +44,58 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
+github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE=
github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc=
-github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b/go.mod h1:ac9efd0D1fsDb3EJvhqgXRbFx7bs2wqZ10HQPeU8U/Q=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/c2h5oh/datasize v0.0.0-20171227191756-4eba002a5eae/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudevents/conformance v0.2.0/go.mod h1:rHKDwylBH89Rns6U3wL9ww8bg9/4GbwRCDNuyoC6bcc=
-github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.4.1/go.mod h1:lhEpxMrIUkeu9rVRgoAbyqZ8GR8Hd3DUy+thHUxAHoI=
-github.com/cloudevents/sdk-go/v2 v2.4.1/go.mod h1:MZiMwmAh5tGj+fPFvtHv9hKurKqXtdB9haJYMJ/7GJY=
+github.com/cloudevents/sdk-go/sql/v2 v2.13.0 h1:gMJvQ3XFkygY9JmrusgK80d9yRAb8+J3X8IA1OC+oc0=
+github.com/cloudevents/sdk-go/sql/v2 v2.13.0/go.mod h1:XZRQBCgRreddIpQrdjBJQUrRg3BCs3aikplJQkHrK44=
github.com/cloudevents/sdk-go/v2 v2.15.2 h1:54+I5xQEnI73RBhWHxbI1XJcqOFOVJN85vb41+8mHUc=
github.com/cloudevents/sdk-go/v2 v2.15.2/go.mod h1:lL7kSWAE/V8VI4Wh0jbL2v/jvqsm6tjmaQBSvxcv4uE=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-gk v0.0.0-20140819190930-201884a44051/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E=
-github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E=
-github.com/dgryski/go-lttb v0.0.0-20180810165845-318fcdf10a77/go.mod h1:Va5MyIzkU0rAM92tn3hb3Anb7oz7KcnixF49+2wOMe4=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58=
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 h1:PRxIJD8XjimM5aTknUK9w6DHLDox2r2M3DI4i2pnd3w=
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936/go.mod h1:ttYvX5qlB+mlV1okblJqcSMtR4c52UKxDiX9GRBS8+Q=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
-github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -191,63 +112,34 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
-github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
-github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
-github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -276,22 +168,12 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gonum/blas v0.0.0-20181208220705-f22b278b28ac/go.mod h1:P32wAyui1PQ58Oce/KYkOqQv8cVw1zAapXOl+dRFGbc=
-github.com/gonum/diff v0.0.0-20181124234638-500114f11e71/go.mod h1:22dM4PLscQl+Nzf64qNBurVJvfyvZELT0iRW2l/NN70=
-github.com/gonum/floats v0.0.0-20181209220543-c233463c7e82/go.mod h1:PxC8OnwL11+aosOB5+iEPoV3picfs8tUpkVd0pDo+Kg=
-github.com/gonum/integrate v0.0.0-20181209220457-a422b5c0fdf2/go.mod h1:pDgmNM6seYpwvPos3q+zxlXMsbve6mOIPucUnUOrI7Y=
-github.com/gonum/internal v0.0.0-20181124074243-f884aa714029/go.mod h1:Pu4dmpkhSyOzRwuXkOgAvijx4o+4YMUJJo9OvPYMkks=
-github.com/gonum/lapack v0.0.0-20181123203213-e4cdc5a0bff9/go.mod h1:XA3DeT6rxh2EAE789SSiSJNqxPaC0aE9J8NTOI0Jo/A=
-github.com/gonum/mathext v0.0.0-20181121095525-8a4bf007ea55/go.mod h1:fmo8aiSEWkJeiGXUJf+sPvuDgEFgqIoZSs843ePKrGg=
-github.com/gonum/matrix v0.0.0-20181209220409-c518dec07be9/go.mod h1:0EXg4mc1CNP0HCqCz+K4ts155PXIlUywf0wqN+GfPZw=
-github.com/gonum/stat v0.0.0-20181125101827-41a0da705a5b/go.mod h1:Z4GIJBJO3Wa4gD4vbwQxXXZ+WHmW6E9ixmNrwvs0iZs=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -299,27 +181,20 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
-github.com/google/go-github/v27 v27.0.6/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/mako v0.0.0-20190821191249-122f8dcef9e3/go.mod h1:YzLcVlL+NqWnmUEPuhS1LxDDwGO9WNbVlEXaF4IH35g=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -327,149 +202,69 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA=
-github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/influxdata/tdigest v0.0.0-20180711151920-a7d76c6f093a/go.mod h1:9GkyshztGufsdPQWjH+ifgnIr3xNUL5syI70g2dzU1o=
-github.com/influxdata/tdigest v0.0.0-20181121200506-bf2b5ad3c0a9/go.mod h1:Js0mqiSBE6Ffsg94weZZ2c+v/ciT8QRHFOap7EKDrR0=
-github.com/influxdata/tdigest v0.0.0-20191024211133-5d87a7585faa/go.mod h1:Z0kXnxzbTC2qrx4NaIzYkE1k66+6oEDQTvL95hQFh5Y=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac/go.mod h1:Frd2bnT3w5FB5q49ENTfVlztJES+1k/7lyWX2+9gq/M=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.17/go.mod h1:WgzbA6oji13JREwiNsRDNfl7jYdPnmz+VEuLrA+/48M=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
+github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
+github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -477,172 +272,109 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.4/go.mod h1:g/HbgYopi++010VEqkFgJHKC09uJiW9UkXvMUuKHUCQ=
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/openshift/api v0.0.0-20230522130544-0eef84f63102 h1:DvXc9rkFXM8Q4Gva6MYoenwnvgX1Ij1cLkewLb91D5Q=
-github.com/openshift/api v0.0.0-20230522130544-0eef84f63102/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k=
-github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI=
-github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/openshift/api v0.0.0-20240618205917-987b8890c273 h1:a2B5ocKga0ckZlb4fxneG90xzfC0rLCcxzVbte8USEI=
+github.com/openshift/api v0.0.0-20240618205917-987b8890c273/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM=
+github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEconE+1IKmIgCOof/Len5ceG6H1pk43yv5U=
+github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8=
github.com/pb33f/libopenapi v0.8.4 h1:hP6etldkapogvEfILaCVrBNh9DwzK/ZKGrNPm3qAIwU=
github.com/pb33f/libopenapi v0.8.4/go.mod h1:lvUmCtjgHUGVj6WzN3I5/CS9wkXtyN3Ykjh6ZZP5lrI=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml/v2 v2.0.0-beta.2/go.mod h1:+X+aW6gUj6Hda43TeYHVCIvYNG/jqY/8ZFXAeXXHl+Q=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.55.1 h1:IIEF5Sp5jDnqRNoHH5fPLNOsScMhmfyWmFP7m04jokc=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.55.1/go.mod h1:/xf16Bu3krDP6G5WhrJL9avDnLW/AN0g7hAIK63mbes=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/prometheus/statsd_exporter v0.22.7 h1:7Pji/i2GuhK6Lu7DHrtTkFmNBCudCPT1pX2CziuyQR0=
github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9dFqnUakOjnEuMPJJJnI=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/relvacode/iso8601 v1.3.0 h1:HguUjsGpIMh/zsTczGN3DVJFxTU/GX+MMmzcKoMO7ko=
-github.com/relvacode/iso8601 v1.3.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
+github.com/relvacode/iso8601 v1.4.0 h1:GsInVSEJfkYuirYFxa80nMLbH2aydgZpIf52gYZXUJs=
+github.com/relvacode/iso8601 v1.4.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
github.com/rickb777/date v1.13.0 h1:+8AmwLuY1d/rldzdqvqTEg7107bZ8clW37x4nsdG3Hs=
github.com/rickb777/date v1.13.0/go.mod h1:GZf3LoGnxPWjX+/1TXOuzHefZFDovTyNLHDMd3qH70k=
github.com/rickb777/plural v1.2.1 h1:UitRAgR70+yHFt26Tmj/F9dU9aV6UfjGXSbO1DcC9/U=
github.com/rickb777/plural v1.2.1/go.mod h1:j058+3M5QQFgcZZ2oKIOekcygoZUL8gKW5yRO14BuAw=
github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46 h1:Dz0HrI1AtNSGCE8LXLLqoZU4iuOJXPWndenCsZfstA8=
-github.com/senseyeio/duration v0.0.0-20180430131211-7c2a214ada46/go.mod h1:is8FVkzSi7PYLWEXT5MgWhglFsyyiW8ffxAoJqfuFZo=
github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/serverlessworkflow/sdk-go/v2 v2.2.5 h1:/TFqBBni0hDpTA0bKadGTWbyBRiQ0o2ppz2ScY6DdTM=
-github.com/serverlessworkflow/sdk-go/v2 v2.2.5/go.mod h1:uIy7EgNRGUzuTsihdto7fN+xsz/HDHq0MP1aPIG7wHU=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/serverlessworkflow/sdk-go/v2 v2.4.2 h1:dqRa/i5J885rk0bGIXzUVLwEFfRWB9gpQfOdXlbejsI=
+github.com/serverlessworkflow/sdk-go/v2 v2.4.2/go.mod h1:WGJR0YhXp035Y/toMKwHeIT5/EDEkDEDozn6VIGSUqI=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4=
+github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25/go.mod h1:lbP8tGiBjZ5YWIc2fzuRpTaz0b/53vT6PEs3QuAWzuU=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -650,83 +382,47 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tsenart/go-tsz v0.0.0-20180814232043-cdeb9e1e981e/go.mod h1:SWZznP1z5Ki7hDT2ioqiFKEse8K9tU2OUvaRI0NeGQo=
-github.com/tsenart/vegeta/v12 v12.8.4/go.mod h1:ZiJtwLn/9M4fTPdMY7bdbIeyNeFVE8/AHbWFqCsUuho=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk=
github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ=
-github.com/wavesoftware/go-ensure v1.0.0/go.mod h1:K2UAFSwMTvpiRGay/M3aEYYuurcR8S4A6HkQlJPV8k4=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v0.16.0/go.mod h1:e4GKElweB8W2gWUqbghw0B8t5MCTccc9212eNHnOHwA=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -737,6 +433,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -749,7 +447,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -758,17 +455,12 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -780,8 +472,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -799,34 +489,22 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -837,18 +515,13 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -856,14 +529,11 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -879,86 +549,56 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -978,7 +618,6 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512001501-aaeff5de670a/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -987,24 +626,16 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-gonum.org/v1/gonum v0.0.0-20181121035319-3f7ecaa7e8ca/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
-gonum.org/v1/netlib v0.0.0-20181029234149-ec6d1f5cefe6/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1022,18 +653,14 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
-google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
+google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
+google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1065,20 +692,11 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc
google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210416161957-9910b6c460de/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
@@ -1090,14 +708,9 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1110,30 +723,24 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1145,12 +752,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1158,70 +761,36 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.21.4/go.mod h1:fTVGP+M4D8+00FN2cMnJqk/eb/GH53bvmNs2SVTmpFk=
-k8s.io/api v0.27.6 h1:PBWu/lywJe2qQcshMjubzcBg7+XDZOo7O8JJAWuYtUo=
-k8s.io/api v0.27.6/go.mod h1:AQYj0UsFCp3qJE7bOVnUuy4orCsXVkvHefnbYQiNWgk=
-k8s.io/apiextensions-apiserver v0.21.4/go.mod h1:OoC8LhI9LnV+wKjZkXIBbLUwtnOGJiTRE33qctH5CIk=
-k8s.io/apiextensions-apiserver v0.27.6 h1:mOwSBJtThZhpJr+8gEkc3wFDIjq87E3JspR5mtZxIg8=
-k8s.io/apiextensions-apiserver v0.27.6/go.mod h1:AVNlLYRrESG5Poo6ASRUhY2pvoKPcNt8y/IuZ4lx3o8=
-k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q=
-k8s.io/apimachinery v0.21.4/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI=
-k8s.io/apimachinery v0.27.6 h1:mGU8jmBq5o8mWBov+mLjdTBcU+etTE19waies4AQ6NE=
-k8s.io/apimachinery v0.27.6/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/apiserver v0.21.4/go.mod h1:SErUuFBBPZUcD2nsUU8hItxoYheqyYr2o/pCINEPW8g=
-k8s.io/client-go v0.21.4/go.mod h1:t0/eMKyUAq/DoQ7vW8NVVA00/nomlwC+eInsS8PxSew=
-k8s.io/client-go v0.27.6 h1:vzI8804gpUtpMCNaFjIFyJrifH7u//LJCJPy8fQuYQg=
-k8s.io/client-go v0.27.6/go.mod h1:PMsXcDKiJTW7PHJ64oEsIUJF319wm+EFlCj76oE5QXM=
-k8s.io/code-generator v0.21.4/go.mod h1:K3y0Bv9Cz2cOW2vXUrNZlFbflhuPvuadW6JdnN6gGKo=
-k8s.io/component-base v0.21.4/go.mod h1:ZKG0eHVX+tUDcaoIGpU3Vtk4TIjMddN9uhEWDmW6Nyg=
-k8s.io/component-base v0.27.6 h1:hF5WxX7Tpi9/dXAbLjPVkIA6CA6Pi6r9JOHyo0uCDYI=
-k8s.io/component-base v0.27.6/go.mod h1:NvjLtaneUeb0GgMPpCBF+4LNB9GuhDHi16uUTjBhQfU=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/gengo v0.0.0-20210203185629-de9496dff47b/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE=
-k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 h1:OmK1d0WrkD3IPfkskvroRykOulHVHf0s0ZIFRjyt+UI=
-k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20230711102312-30195339c3c7 h1:ZgnF1KZsYxWIifwSNZFZgNtWE89WI5yiP5WwlfDoIyc=
-k8s.io/utils v0.0.0-20230711102312-30195339c3c7/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/eventing v0.26.0 h1:osDUdav7S0FuChN0onfwL5cEcsdb54Kee2hjAPMpY7o=
-knative.dev/eventing v0.26.0/go.mod h1:6tTam0lsPtBSJHJ63/195obj2VAHlTZZB7TLiBSeqk0=
-knative.dev/hack v0.0.0-20210806075220-815cd312d65c/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI=
-knative.dev/hack/schema v0.0.0-20210806075220-815cd312d65c/go.mod h1:ffjwmdcrH5vN3mPhO8RrF2KfNnbHeCE2C60A+2cv3U0=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
+k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
+k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+knative.dev/eventing v0.39.4 h1:MFgS+cLIkB6HFdvuoI3XznNEGT84294LHWjCg7RK8cM=
+knative.dev/eventing v0.39.4/go.mod h1:MlEiEcHALqZnu0OFMuWdJfjBzM7HlSJfk8pQbTcIy4o=
knative.dev/networking v0.0.0-20231017124814-2a7676e912b7 h1:6+1icZuxiZO1paFZ4d/ysKWVG2M4WB7OxNJNyLG0P/E=
knative.dev/networking v0.0.0-20231017124814-2a7676e912b7/go.mod h1:1gcHoIVG47ekQWjkddqRq+/7tWRh+CB9W4k/NAcdRbk=
-knative.dev/pkg v0.0.0-20210914164111-4857ab6939e3/go.mod h1:jMSqkNMsrzuy+XR4Yr/BMy7SDVbUOl3KKB6+5MR+ZU8=
-knative.dev/pkg v0.0.0-20210919202233-5ae482141474/go.mod h1:jMSqkNMsrzuy+XR4Yr/BMy7SDVbUOl3KKB6+5MR+ZU8=
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c h1:xyPoEToTWeBdn6tinhLxXfnhJhTNQt5WzHiTNiFphRw=
knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c/go.mod h1:HHRXEd7ZlFpthgE+rwAZ6MUVnuJOAeolnaFSthXloUQ=
-knative.dev/reconciler-test v0.0.0-20210915181908-49fac7555086/go.mod h1:6yDmb26SINSmgw6wVy9qQwgRMewiW8ddkkwGLR0ZvOY=
-knative.dev/serving v0.39.0 h1:NVt8WthHmFFMWZ3qpBblXt47del8qqrbCegqwGBVSwk=
-knative.dev/serving v0.39.0/go.mod h1:0QIp5mvgWa1oUC2MxMf+Q/JWgG8JhAsSdJKc6iTRlvE=
-pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
+knative.dev/serving v0.39.4 h1:9IlFE7GsORKhI92DIZbF88hplQYM73T1l4W50UxZwF8=
+knative.dev/serving v0.39.4/go.mod h1:bWylSgwnRZeL659qy7m3/TZioYk25TIfusPUEeR695A=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
-sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
+sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/packages/sonataflow-operator/go.work b/packages/sonataflow-operator/go.work
index 909eec1d39f..17eb2594245 100644
--- a/packages/sonataflow-operator/go.work
+++ b/packages/sonataflow-operator/go.work
@@ -1,4 +1,4 @@
-go 1.21
+go 1.22.0
use (
@@ -13,15 +13,17 @@ replace (
github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb
// Main dependencies sync
- github.com/serverlessworkflow/sdk-go/v2 => github.com/serverlessworkflow/sdk-go/v2 v2.2.5
- golang.org/x/crypto => golang.org/x/crypto v0.17.0
- // CVE-2023-40167 fix until third-party libs upgrade their side
- golang.org/x/net => golang.org/x/net v0.17.0
- k8s.io/api => k8s.io/api v0.27.6
- k8s.io/apimachinery => k8s.io/apimachinery v0.27.6
- k8s.io/client-go => k8s.io/client-go v0.27.6
- k8s.io/klog/v2 => k8s.io/klog/v2 v2.100.1
- knative.dev/pkg => knative.dev/pkg v0.0.0-20230525143525-9bda38b21643
- sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.15.0
- sigs.k8s.io/yaml => sigs.k8s.io/yaml v1.3.0
+ github.com/serverlessworkflow/sdk-go/v2 => github.com/serverlessworkflow/sdk-go/v2 v2.4.2
+ k8s.io/api => k8s.io/api v0.31.1
+ k8s.io/apimachinery => k8s.io/apimachinery v0.31.1
+ k8s.io/client-go => k8s.io/client-go v0.31.1
+ k8s.io/klog/v2 => k8s.io/klog/v2 v2.130.1
+ // Knative 1.12
+ knative.dev/eventing => knative.dev/eventing v0.39.4
+ knative.dev/pkg => knative.dev/pkg v0.0.0-20231023151236-29775d7c9e5c
+ knative.dev/serving => knative.dev/serving v0.39.4
+ sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.19.0
+ sigs.k8s.io/yaml => sigs.k8s.io/yaml v1.4.0
diff --git a/packages/sonataflow-operator/go.work.sum b/packages/sonataflow-operator/go.work.sum
index 84b24e0bf08..278af04308d 100644
--- a/packages/sonataflow-operator/go.work.sum
+++ b/packages/sonataflow-operator/go.work.sum
@@ -2,6 +2,8 @@
bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898 h1:SC+c6A1qTFstO9qmB86mPV2IpYme/2ZoEQ0hrP+wo+Q=
bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M=
bou.ke/monkey v1.0.1 h1:zEMLInw9xvNakzUUPjfS4Ds6jYPqCFx3m7bRmG5NH2U=
+cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w=
+cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw=
cloud.google.com/go v0.60.0/go.mod h1:yw2G51M9IfRboUH61Us8GqCeF1PzPblB823Mn2q2eAU=
@@ -20,90 +22,303 @@ cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Ud
cloud.google.com/go v0.98.0 h1:w6LozQJyDDEyhf64Uusu1LCcnLt0I1VMLiJC2kV+eXk=
cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
+cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U=
cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
+cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
+cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
+cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA=
+cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM=
+cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I=
cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw=
cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
+cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
+cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
+cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4=
+cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw=
+cloud.google.com/go/accessapproval v1.6.0 h1:x0cEHro/JFPd7eS4BlEWNTMecIj2HdXjOVB5BtvwER0=
cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E=
cloud.google.com/go/accessapproval v1.7.1 h1:/5YjNhR6lzCvmJZAnByYkfEgWjfAKwYP6nkuTk6nKFE=
cloud.google.com/go/accessapproval v1.7.1/go.mod h1:JYczztsHRMK7NTXb6Xw+dwbs/WnOJxbo/2mTI+Kgg68=
+cloud.google.com/go/accessapproval v1.7.4 h1:ZvLvJ952zK8pFHINjpMBY5k7LTAp/6pBf50RDMRgBUI=
+cloud.google.com/go/accessapproval v1.7.5 h1:uzmAMSgYcnlHa9X9YSQZ4Q1wlfl4NNkZyQgho1Z6p04=
+cloud.google.com/go/accessapproval v1.7.5/go.mod h1:g88i1ok5dvQ9XJsxpUInWWvUBrIZhyPDPbk4T01OoJ0=
+cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o=
+cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE=
+cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM=
+cloud.google.com/go/accesscontextmanager v1.7.0 h1:MG60JgnEoawHJrbWw0jGdv6HLNSf6gQvYRiXpuzqgEA=
cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ=
cloud.google.com/go/accesscontextmanager v1.8.1 h1:WIAt9lW9AXtqw/bnvrEUaE8VG/7bAAeMzRCBGMkc4+w=
cloud.google.com/go/accesscontextmanager v1.8.1/go.mod h1:JFJHfvuaTC+++1iL1coPiG1eu5D24db2wXCDWDjIrxo=
+cloud.google.com/go/accesscontextmanager v1.8.4 h1:Yo4g2XrBETBCqyWIibN3NHNPQKUfQqti0lI+70rubeE=
+cloud.google.com/go/accesscontextmanager v1.8.5 h1:2GLNaNu9KRJhJBFTIVRoPwk6xE5mUDgD47abBq4Zp/I=
+cloud.google.com/go/accesscontextmanager v1.8.5/go.mod h1:TInEhcZ7V9jptGNqN3EzZ5XMhT6ijWxTGjzyETwmL0Q=
+cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw=
+cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY=
+cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg=
+cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ=
+cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k=
+cloud.google.com/go/aiplatform v1.37.0 h1:zTw+suCVchgZyO+k847wjzdVjWmrAuehxdvcZvJwfGg=
cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw=
cloud.google.com/go/aiplatform v1.50.0 h1:J89aj+lqwtjn0qpQBMVaiOmDxBkKDEKUwl+GL19RRpc=
cloud.google.com/go/aiplatform v1.50.0/go.mod h1:IRc2b8XAMTa9ZmfJV1BCCQbieWWvDnP1A8znyz5N7y4=
+cloud.google.com/go/aiplatform v1.52.0 h1:TbbUvAujxXlSlbG5+XBtJEEEUyGjtyJxZ/VIlvz9Dps=
+cloud.google.com/go/aiplatform v1.52.0/go.mod h1:pwZMGvqe0JRkI1GWSZCtnAfrR4K1bv65IHILGA//VEU=
+cloud.google.com/go/aiplatform v1.54.0 h1:wH7OYl9Vq/5tupok0BPTFY9xaTLb0GxkReHtB5PF7cI=
+cloud.google.com/go/aiplatform v1.58.2/go.mod h1:c3kCiVmb6UC1dHAjZjcpDj6ZS0bHQ2slL88ZjC2LtlA=
+cloud.google.com/go/aiplatform v1.60.0 h1:0cSrii1ZeLr16MbBoocyy5KVnrSdiQ3KN/vtrTe7RqE=
+cloud.google.com/go/aiplatform v1.60.0/go.mod h1:eTlGuHOahHprZw3Hio5VKmtThIOak5/qy6pzdsqcQnM=
+cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI=
+cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4=
+cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M=
+cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE=
+cloud.google.com/go/analytics v0.19.0 h1:LqAo3tAh2FU9+w/r7vc3hBjU23Kv7GhO/PDIW7kIYgM=
cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE=
cloud.google.com/go/analytics v0.21.3 h1:TFBC1ZAqX9/jL56GEXdLrVe5vT3I22bDVWyDwZX4IEg=
cloud.google.com/go/analytics v0.21.3/go.mod h1:U8dcUtmDmjrmUTnnnRnI4m6zKn/yaA5N9RlEkYFHpQo=
+cloud.google.com/go/analytics v0.21.6 h1:fnV7B8lqyEYxCU0LKk+vUL7mTlqRAq4uFlIthIdr/iA=
+cloud.google.com/go/analytics v0.23.0 h1:Q+y94XH84jM8SK8O7qiY/PJRexb6n7dRbQ6PiUa4YGM=
+cloud.google.com/go/analytics v0.23.0/go.mod h1:YPd7Bvik3WS95KBok2gPXDqQPHy08TsCQG6CdUCb+u0=
+cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk=
+cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc=
+cloud.google.com/go/apigateway v1.5.0 h1:ZI9mVO7x3E9RK/BURm2p1aw9YTBSCQe3klmyP1WxWEg=
cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8=
cloud.google.com/go/apigateway v1.6.1 h1:aBSwCQPcp9rZ0zVEUeJbR623palnqtvxJlUyvzsKGQc=
cloud.google.com/go/apigateway v1.6.1/go.mod h1:ufAS3wpbRjqfZrzpvLC2oh0MFlpRJm2E/ts25yyqmXA=
+cloud.google.com/go/apigateway v1.6.4 h1:VVIxCtVerchHienSlaGzV6XJGtEM9828Erzyr3miUGs=
+cloud.google.com/go/apigateway v1.6.5 h1:sPXnpk+6TneKIrjCjcpX5YGsAKy3PTdpIchoj8/74OE=
+cloud.google.com/go/apigateway v1.6.5/go.mod h1:6wCwvYRckRQogyDDltpANi3zsCDl6kWi0b4Je+w2UiI=
+cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc=
+cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04=
+cloud.google.com/go/apigeeconnect v1.5.0 h1:sWOmgDyAsi1AZ48XRHcATC0tsi9SkPT7DA/+VCfkaeA=
cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8=
cloud.google.com/go/apigeeconnect v1.6.1 h1:6u/jj0P2c3Mcm+H9qLsXI7gYcTiG9ueyQL3n6vCmFJM=
cloud.google.com/go/apigeeconnect v1.6.1/go.mod h1:C4awq7x0JpLtrlQCr8AzVIzAaYgngRqWf9S5Uhg+wWs=
+cloud.google.com/go/apigeeconnect v1.6.4 h1:jSoGITWKgAj/ssVogNE9SdsTqcXnryPzsulENSRlusI=
+cloud.google.com/go/apigeeconnect v1.6.5 h1:CrfIKv9Go3fh/QfQgisU3MeP90Ww7l/sVGmr3TpECo8=
+cloud.google.com/go/apigeeconnect v1.6.5/go.mod h1:MEKm3AiT7s11PqTfKE3KZluZA9O91FNysvd3E6SJ6Ow=
+cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY=
+cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM=
+cloud.google.com/go/apigeeregistry v0.6.0 h1:E43RdhhCxdlV+I161gUY2rI4eOaMzHTA5kNkvRsFXvc=
cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc=
cloud.google.com/go/apigeeregistry v0.7.1 h1:hgq0ANLDx7t2FDZDJQrCMtCtddR/pjCqVuvQWGrQbXw=
cloud.google.com/go/apigeeregistry v0.7.1/go.mod h1:1XgyjZye4Mqtw7T9TsY4NW10U7BojBvG4RMD+vRDrIw=
+cloud.google.com/go/apigeeregistry v0.8.2 h1:DSaD1iiqvELag+lV4VnnqUUFd8GXELu01tKVdWZrviE=
+cloud.google.com/go/apigeeregistry v0.8.3 h1:C+QU2K+DzDjk4g074ouwHQGkoff1h5OMQp6sblCVreQ=
+cloud.google.com/go/apigeeregistry v0.8.3/go.mod h1:aInOWnqF4yMQx8kTjDqHNXjZGh/mxeNlAf52YqtASUs=
+cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU=
+cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI=
cloud.google.com/go/apikeys v0.6.0 h1:B9CdHFZTFjVti89tmyXXrO+7vSNo2jvZuHG8zD5trdQ=
cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8=
+cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno=
+cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak=
+cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84=
+cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A=
+cloud.google.com/go/appengine v1.7.1 h1:aBGDKmRIaRRoWJ2tAoN0oVSHoWLhtO9aj/NvUyP4aYs=
cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E=
cloud.google.com/go/appengine v1.8.1 h1:J+aaUZ6IbTpBegXbmEsh8qZZy864ZVnOoWyfa1XSNbI=
cloud.google.com/go/appengine v1.8.1/go.mod h1:6NJXGLVhZCN9aQ/AEDvmfzKEfoYBlfB80/BHiKVputY=
+cloud.google.com/go/appengine v1.8.4 h1:Qub3fqR7iA1daJWdzjp/Q0Jz0fUG0JbMc7Ui4E9IX/E=
+cloud.google.com/go/appengine v1.8.5 h1:l2SviT44zWQiOv8bPoMBzW0vOcMO22iO0s+nVtVhdts=
+cloud.google.com/go/appengine v1.8.5/go.mod h1:uHBgNoGLTS5di7BvU25NFDuKa82v0qQLjyMJLuPQrVo=
+cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4=
+cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0=
+cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY=
+cloud.google.com/go/area120 v0.7.1 h1:ugckkFh4XkHJMPhTIx0CyvdoBxmOpMe8rNs4Ok8GAag=
cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k=
cloud.google.com/go/area120 v0.8.1 h1:wiOq3KDpdqXmaHzvZwKdpoM+3lDcqsI2Lwhyac7stss=
cloud.google.com/go/area120 v0.8.1/go.mod h1:BVfZpGpB7KFVNxPiQBuHkX6Ed0rS51xIgmGyjrAfzsg=
+cloud.google.com/go/area120 v0.8.4 h1:YnSO8m02pOIo6AEOgiOoUDVbw4pf+bg2KLHi4rky320=
+cloud.google.com/go/area120 v0.8.5 h1:vTs08KPLN/iMzTbxpu5ciL06KcsrVPMjz4IwcQyZ4uY=
+cloud.google.com/go/area120 v0.8.5/go.mod h1:BcoFCbDLZjsfe4EkCnEq1LKvHSK0Ew/zk5UFu6GMyA0=
+cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ=
+cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk=
+cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0=
+cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc=
+cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI=
+cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ=
+cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI=
+cloud.google.com/go/artifactregistry v1.13.0 h1:o1Q80vqEB6Qp8WLEH3b8FBLNUCrGQ4k5RFj0sn/sgO8=
cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08=
cloud.google.com/go/artifactregistry v1.14.1 h1:k6hNqab2CubhWlGcSzunJ7kfxC7UzpAfQ1UPb9PDCKI=
cloud.google.com/go/artifactregistry v1.14.1/go.mod h1:nxVdG19jTaSTu7yA7+VbWL346r3rIdkZ142BSQqhn5E=
+cloud.google.com/go/artifactregistry v1.14.6 h1:/hQaadYytMdA5zBh+RciIrXZQBWK4vN7EUsrQHG+/t8=
+cloud.google.com/go/artifactregistry v1.14.7 h1:W9sVlyb1VRcUf83w7aM3yMsnp4HS4PoyGqYQNG0O5lI=
+cloud.google.com/go/artifactregistry v1.14.7/go.mod h1:0AUKhzWQzfmeTvT4SjfI4zjot72EMfrkvL9g9aRjnnM=
+cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o=
+cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s=
+cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0=
+cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ=
+cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY=
+cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo=
+cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg=
+cloud.google.com/go/asset v1.13.0 h1:YAsssO08BqZ6mncbb6FPlj9h6ACS7bJQUOlzciSfbNk=
cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw=
cloud.google.com/go/asset v1.14.1 h1:vlHdznX70eYW4V1y1PxocvF6tEwxJTTarwIGwOhFF3U=
cloud.google.com/go/asset v1.14.1/go.mod h1:4bEJ3dnHCqWCDbWJ/6Vn7GVI9LerSi7Rfdi03hd+WTQ=
+cloud.google.com/go/asset v1.15.3 h1:uI8Bdm81s0esVWbWrTHcjFDFKNOa9aB7rI1vud1hO84=
+cloud.google.com/go/asset v1.17.1/go.mod h1:byvDw36UME5AzGNK7o4JnOnINkwOZ1yRrGrKIahHrng=
+cloud.google.com/go/asset v1.17.2 h1:xgFnBP3luSbUcC9RWJvb3Zkt+y/wW6PKwPHr3ssnIP8=
+cloud.google.com/go/asset v1.17.2/go.mod h1:SVbzde67ehddSoKf5uebOD1sYw8Ab/jD/9EIeWg99q4=
+cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY=
+cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw=
+cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI=
+cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo=
+cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0=
+cloud.google.com/go/assuredworkloads v1.10.0 h1:VLGnVFta+N4WM+ASHbhc14ZOItOabDLH1MSoDv+Xuag=
cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E=
cloud.google.com/go/assuredworkloads v1.11.1 h1:yaO0kwS+SnhVSTF7BqTyVGt3DTocI6Jqo+S3hHmCwNk=
cloud.google.com/go/assuredworkloads v1.11.1/go.mod h1:+F04I52Pgn5nmPG36CWFtxmav6+7Q+c5QyJoL18Lry0=
+cloud.google.com/go/assuredworkloads v1.11.4 h1:FsLSkmYYeNuzDm8L4YPfLWV+lQaUrJmH5OuD37t1k20=
+cloud.google.com/go/assuredworkloads v1.11.5 h1:gCrN3IyvqY3cP0wh2h43d99CgH3G+WYs9CeuFVKChR8=
+cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk=
+cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0=
+cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8=
+cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8=
+cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM=
+cloud.google.com/go/automl v1.12.0 h1:50VugllC+U4IGl3tDNcZaWvApHBTrn/TvyHDJ0wM+Uw=
cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU=
cloud.google.com/go/automl v1.13.1 h1:iP9iQurb0qbz+YOOMfKSEjhONA/WcoOIjt6/m+6pIgo=
cloud.google.com/go/automl v1.13.1/go.mod h1:1aowgAHWYZU27MybSCFiukPO7xnyawv7pt3zK4bheQE=
+cloud.google.com/go/automl v1.13.4 h1:i9tOKXX+1gE7+rHpWKjiuPfGBVIYoWvLNIGpWgPtF58=
+cloud.google.com/go/automl v1.13.5 h1:ijiJy9sYWh75WrqImXsfWc1e3HR3iO+ef9fvW03Ig/4=
+cloud.google.com/go/automl v1.13.5/go.mod h1:MDw3vLem3yh+SvmSgeYUmUKqyls6NzSumDm9OJ3xJ1Y=
+cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc=
+cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI=
+cloud.google.com/go/baremetalsolution v0.5.0 h1:2AipdYXL0VxMboelTTw8c1UJ7gYu35LZYUbuRv9Q28s=
cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss=
cloud.google.com/go/baremetalsolution v1.2.0 h1:3zztyuQHjfU0C0qEsI9LkC3kf5/TQQ3jUJhbmetUoRA=
cloud.google.com/go/baremetalsolution v1.2.0/go.mod h1:68wi9AwPYkEWIUT4SvSGS9UJwKzNpshjHsH4lzk8iOw=
+cloud.google.com/go/baremetalsolution v1.2.3 h1:oQiFYYCe0vwp7J8ZmF6siVKEumWtiPFJMJcGuyDVRUk=
+cloud.google.com/go/baremetalsolution v1.2.4 h1:LFydisRmS7hQk9P/YhekwuZGqb45TW4QavcrMToWo5A=
+cloud.google.com/go/baremetalsolution v1.2.4/go.mod h1:BHCmxgpevw9IEryE99HbYEfxXkAEA3hkMJbYYsHtIuY=
+cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE=
+cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE=
+cloud.google.com/go/batch v0.7.0 h1:YbMt0E6BtqeD5FvSv1d56jbVsWEzlGm55lYte+M6Mzs=
cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g=
cloud.google.com/go/batch v1.4.1 h1:/4ADpZKoKH300HN2SB6aI7lXX/0hnnbR74wxjLHkyQo=
cloud.google.com/go/batch v1.4.1/go.mod h1:KdBmDD61K0ovcxoRHGrN6GmOBWeAOyCgKD0Mugx4Fkk=
+cloud.google.com/go/batch v1.6.3 h1:mPiIH20a5NU02rucbAmLeO4sLPO9hrTK0BLjdHyW8xw=
+cloud.google.com/go/batch v1.8.0 h1:2HK4JerwVaIcCh/lJiHwh6+uswPthiMMWhiSWLELayk=
+cloud.google.com/go/batch v1.8.0/go.mod h1:k8V7f6VE2Suc0zUM4WtoibNrA6D3dqBpB+++e3vSGYc=
+cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4=
+cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8=
+cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM=
+cloud.google.com/go/beyondcorp v0.5.0 h1:UkY2BTZkEUAVrgqnSdOJ4p3y9ZRBPEe1LkjgC8Bj/Pc=
cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU=
cloud.google.com/go/beyondcorp v1.0.0 h1:VPg+fZXULQjs8LiMeWdLaB5oe8G9sEoZ0I0j6IMiG1Q=
cloud.google.com/go/beyondcorp v1.0.0/go.mod h1:YhxDWw946SCbmcWo3fAhw3V4XZMSpQ/VYfcKGAEU8/4=
+cloud.google.com/go/beyondcorp v1.0.3 h1:VXf9SnrnSmj2BF2cHkoTHvOUp8gjsz1KJFOMW7czdsY=
+cloud.google.com/go/beyondcorp v1.0.4 h1:qs0J0O9Ol2h1yA0AU+r7l3hOCPzs2MjE1d6d/kaHIKo=
+cloud.google.com/go/beyondcorp v1.0.4/go.mod h1:Gx8/Rk2MxrvWfn4WIhHIG1NV7IBfg14pTKv1+EArVcc=
cloud.google.com/go/bigquery v1.8.0 h1:PQcPefKFdaIzjQFbiyOgAqyx8q5djaE7x9Sqe712DPA=
+cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA=
+cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw=
+cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc=
+cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E=
+cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac=
+cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q=
+cloud.google.com/go/bigquery v1.50.0 h1:RscMV6LbnAmhAzD893Lv9nXXy2WCaJmbxYPWDLbGqNQ=
cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU=
cloud.google.com/go/bigquery v1.55.0 h1:hs44Xxov3XLWQiCx2J8lK5U/ihLqnpm4RVVl5fdtLLI=
cloud.google.com/go/bigquery v1.55.0/go.mod h1:9Y5I3PN9kQWuid6183JFhOGOW3GcirA5LpsKCUn+2ec=
+cloud.google.com/go/bigquery v1.57.1 h1:FiULdbbzUxWD0Y4ZGPSVCDLvqRSyCIO6zKV7E2nf5uA=
+cloud.google.com/go/bigquery v1.58.0/go.mod h1:0eh4mWNY0KrBTjUzLjoYImapGORq9gEPT7MWjCy9lik=
+cloud.google.com/go/bigquery v1.59.1 h1:CpT+/njKuKT3CEmswm6IbhNu9u35zt5dO4yPDLW+nG4=
+cloud.google.com/go/bigquery v1.59.1/go.mod h1:VP1UJYgevyTwsV7desjzNzDND5p6hZB+Z8gZJN1GQUc=
+cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY=
+cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s=
+cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI=
+cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y=
+cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss=
+cloud.google.com/go/billing v1.13.0 h1:JYj28UYF5w6VBAh0gQYlgHJ/OD1oA+JgW29YZQU+UHM=
cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc=
cloud.google.com/go/billing v1.17.0 h1:CpagWXb/+QNye+vouomndbc4Gsr0uo+AGR24V16uk8Q=
cloud.google.com/go/billing v1.17.0/go.mod h1:Z9+vZXEq+HwH7bhJkyI4OQcR6TSbeMrjlpEjO2vzY64=
+cloud.google.com/go/billing v1.17.4 h1:77/4kCqzH6Ou5CCDzNmqmboE+WvbwFBJmw1QZQz19AI=
+cloud.google.com/go/billing v1.18.2 h1:oWUEQvuC4JvtnqLZ35zgzdbuHt4Itbftvzbe6aEyFdE=
+cloud.google.com/go/billing v1.18.2/go.mod h1:PPIwVsOOQ7xzbADCwNe8nvK776QpfrOAUkvKjCUcpSE=
+cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM=
+cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI=
+cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0=
+cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk=
+cloud.google.com/go/binaryauthorization v1.5.0 h1:d3pMDBCCNivxt5a4eaV7FwL7cSH0H7RrEnFrTb1QKWs=
cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q=
cloud.google.com/go/binaryauthorization v1.7.0 h1:7L6uUWo/xNCfdVNnnzh2M4x5YA732YPgqRdCG8aKVAU=
cloud.google.com/go/binaryauthorization v1.7.0/go.mod h1:Zn+S6QqTMn6odcMU1zDZCJxPjU2tZPV1oDl45lWY154=
+cloud.google.com/go/binaryauthorization v1.7.3 h1:3R6WYn1JKIaVicBmo18jXubu7xh4mMkmbIgsTXk0cBA=
+cloud.google.com/go/binaryauthorization v1.8.1 h1:1jcyh2uIUwSZkJ/JmL8kd5SUkL/Krbv8zmYLEbAz6kY=
+cloud.google.com/go/binaryauthorization v1.8.1/go.mod h1:1HVRyBerREA/nhI7yLang4Zn7vfNVA3okoAR9qYQJAQ=
+cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg=
+cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590=
+cloud.google.com/go/certificatemanager v1.6.0 h1:5C5UWeSt8Jkgp7OWn2rCkLmYurar/vIWIoSQ2+LaTOc=
cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8=
cloud.google.com/go/certificatemanager v1.7.1 h1:uKsohpE0hiobx1Eak9jNcPCznwfB6gvyQCcS28Ah9E8=
cloud.google.com/go/certificatemanager v1.7.1/go.mod h1:iW8J3nG6SaRYImIa+wXQ0g8IgoofDFRp5UMzaNk1UqI=
+cloud.google.com/go/certificatemanager v1.7.4 h1:5YMQ3Q+dqGpwUZ9X5sipsOQ1fLPsxod9HNq0+nrqc6I=
+cloud.google.com/go/certificatemanager v1.7.5 h1:UMBr/twXvH3jcT5J5/YjRxf2tvwTYIfrpemTebe0txc=
+cloud.google.com/go/certificatemanager v1.7.5/go.mod h1:uX+v7kWqy0Y3NG/ZhNvffh0kuqkKZIXdvlZRO7z0VtM=
+cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk=
+cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk=
+cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE=
+cloud.google.com/go/channel v1.12.0 h1:GpcQY5UJKeOekYgsX3QXbzzAc/kRGtBq43fTmyKe6Uw=
cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU=
cloud.google.com/go/channel v1.17.0 h1:Hy2EaOiOB7BS1IJmg2lLilEo8uMfFWTy7RgjTzbUqjM=
cloud.google.com/go/channel v1.17.0/go.mod h1:RpbhJsGi/lXWAUM1eF4IbQGbsfVlg2o8Iiy2/YLfVT0=
+cloud.google.com/go/channel v1.17.3 h1:Rd4+fBrjiN6tZ4TR8R/38elkyEkz6oogGDr7jDyjmMY=
+cloud.google.com/go/channel v1.17.5 h1:/omiBnyFjm4S1ETHoOmJbL7LH7Ljcei4rYG6Sj3hc80=
+cloud.google.com/go/channel v1.17.5/go.mod h1:FlpaOSINDAXgEext0KMaBq/vwpLMkkPAw9b2mApQeHc=
+cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U=
+cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA=
+cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M=
+cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg=
+cloud.google.com/go/cloudbuild v1.9.0 h1:GHQCjV4WlPPVU/j3Rlpc8vNIDwThhd1U9qSY/NPZdko=
cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s=
cloud.google.com/go/cloudbuild v1.14.0 h1:YTMxmFra7eIjKFgnyQUxOwWNseNqeO38kGh7thy7v4s=
cloud.google.com/go/cloudbuild v1.14.0/go.mod h1:lyJg7v97SUIPq4RC2sGsz/9tNczhyv2AjML/ci4ulzU=
+cloud.google.com/go/cloudbuild v1.14.3 h1:hP6LDes9iqeppgGbmCkB3C3MvS12gJe5i4ZGtnnIO5c=
+cloud.google.com/go/cloudbuild v1.14.3/go.mod h1:eIXYWmRt3UtggLnFGx4JvXcMj4kShhVzGndL1LwleEM=
+cloud.google.com/go/cloudbuild v1.15.0 h1:9IHfEMWdCklJ1cwouoiQrnxmP0q3pH7JUt8Hqx4Qbck=
+cloud.google.com/go/cloudbuild v1.15.1 h1:ZB6oOmJo+MTov9n629fiCrO9YZPOg25FZvQ7gIHu5ng=
+cloud.google.com/go/cloudbuild v1.15.1/go.mod h1:gIofXZSu+XD2Uy+qkOrGKEx45zd7s28u/k8f99qKals=
+cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM=
+cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk=
+cloud.google.com/go/clouddms v1.5.0 h1:E7v4TpDGUyEm1C/4KIrpVSOCTm0P6vWdHT0I4mostRA=
cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA=
cloud.google.com/go/clouddms v1.7.0 h1:vTcaFaFZTZZ11gXB6aZHdAx+zn30P8YJw4X/S3NC+VQ=
cloud.google.com/go/clouddms v1.7.0/go.mod h1:MW1dC6SOtI/tPNCciTsXtsGNEM0i0OccykPvv3hiYeM=
+cloud.google.com/go/clouddms v1.7.3 h1:xe/wJKz55VO1+L891a1EG9lVUgfHr9Ju/I3xh1nwF84=
+cloud.google.com/go/clouddms v1.7.4 h1:Sr0Zo5EAcPQiCBgHWICg3VGkcdS/LLP1d9SR7qQBM/s=
+cloud.google.com/go/clouddms v1.7.4/go.mod h1:RdrVqoFG9RWI5AvZ81SxJ/xvxPdtcRhFotwdE79DieY=
+cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY=
+cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI=
+cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4=
+cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI=
+cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y=
+cloud.google.com/go/cloudtasks v1.10.0 h1:uK5k6abf4yligFgYFnG0ni8msai/dSv6mDmiBulU0hU=
cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs=
cloud.google.com/go/cloudtasks v1.12.1 h1:cMh9Q6dkvh+Ry5LAPbD/U2aw6KAqdiU6FttwhbTo69w=
cloud.google.com/go/cloudtasks v1.12.1/go.mod h1:a9udmnou9KO2iulGscKR0qBYjreuX8oHwpmFsKspEvM=
+cloud.google.com/go/cloudtasks v1.12.4 h1:5xXuFfAjg0Z5Wb81j2GAbB3e0bwroCeSF+5jBn/L650=
+cloud.google.com/go/cloudtasks v1.12.6 h1:EUt1hIZ9bLv8Iz9yWaCrqgMnIU+Tdh0yXM1MMVGhjfE=
+cloud.google.com/go/cloudtasks v1.12.6/go.mod h1:b7c7fe4+TJsFZfDyzO51F7cjq7HLUlRi/KZQLQjDsaY=
cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
cloud.google.com/go/compute v1.1.0/go.mod h1:2NIffxgWfORSI7EOYMFatGTfjMLnqrOKBEyYb6NoRgA=
+cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
+cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
+cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
+cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
+cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
+cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
+cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
+cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE=
cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
+cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA=
cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
@@ -112,311 +327,1026 @@ cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdi
cloud.google.com/go/compute v1.21.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
+cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
+cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw=
+cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
+cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40=
+cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
+cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
+cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU=
cloud.google.com/go/compute/metadata v0.2.0 h1:nBbNSZyDpkNlo3DepaaLKVuO7ClyifSAmNloSCZrHnQ=
cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY=
+cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck=
+cloud.google.com/go/contactcenterinsights v1.6.0 h1:jXIpfcH/VYSE1SYcPzO0n1VVb+sAamiLOgCw45JbOQk=
cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w=
cloud.google.com/go/contactcenterinsights v1.10.0 h1:YR2aPedGVQPpFBZXJnPkqRj8M//8veIZZH5ZvICoXnI=
cloud.google.com/go/contactcenterinsights v1.10.0/go.mod h1:bsg/R7zGLYMVxFFzfh9ooLTruLRCG9fnzhH9KznHhbM=
+cloud.google.com/go/contactcenterinsights v1.11.3 h1:Ui14kRKgQ3mVrMRkiBNzjdJIfFAN2qqiu9993ec9+jw=
+cloud.google.com/go/contactcenterinsights v1.11.3/go.mod h1:HHX5wrz5LHVAwfI2smIotQG9x8Qd6gYilaHcLLLmNis=
+cloud.google.com/go/contactcenterinsights v1.12.0 h1:wP41IUA4ucMVooj/TP53jd7vbNjWrDkAPOeulVJGT5U=
+cloud.google.com/go/contactcenterinsights v1.13.0 h1:6Vs/YnDG5STGjlWMEjN/xtmft7MrOTOnOZYUZtGTx0w=
+cloud.google.com/go/contactcenterinsights v1.13.0/go.mod h1:ieq5d5EtHsu8vhe2y3amtZ+BE+AQwX5qAy7cpo0POsI=
+cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg=
+cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo=
+cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4=
+cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM=
+cloud.google.com/go/container v1.15.0 h1:NKlY/wCDapfVZlbVVaeuu2UZZED5Dy1z4Zx1KhEzm8c=
cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA=
cloud.google.com/go/container v1.26.0 h1:SszQdI0qlyKsImz8/l26rpTZMyqvaH9yfua7rirDZvY=
cloud.google.com/go/container v1.26.0/go.mod h1:YJCmRet6+6jnYYRS000T6k0D0xUXQgBSaJ7VwI8FBj4=
+cloud.google.com/go/container v1.27.1 h1:ZfLRiFM9ddFE92SlA28rknI6YJMz5Z5huAQK+FKWxIQ=
+cloud.google.com/go/container v1.27.1/go.mod h1:b1A1gJeTBXVLQ6GGw9/9M4FG94BEGsqJ5+t4d/3N7O4=
+cloud.google.com/go/container v1.28.0 h1:/o82CFWXIYnT9p/07SnRgybqL3Pmmu86jYIlzlJVUBY=
+cloud.google.com/go/container v1.30.1/go.mod h1:vkbfX0EnAKL/vgVECs5BZn24e1cJROzgszJirRKQ4Bg=
+cloud.google.com/go/container v1.31.0 h1:MAaNH7VRNPWEhvqOypq2j+7ONJKrKzon4v9nS3nLZe0=
+cloud.google.com/go/container v1.31.0/go.mod h1:7yABn5s3Iv3lmw7oMmyGbeV6tQj86njcTijkkGuvdZA=
+cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I=
+cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4=
+cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI=
+cloud.google.com/go/containeranalysis v0.9.0 h1:EQ4FFxNaEAg8PqQCO7bVQfWz9NVwZCUKaM1b3ycfx3U=
cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s=
cloud.google.com/go/containeranalysis v0.11.0 h1:/EsoP+UTIjvl4yqrLA4WgUG83kwQhqZmbXEfqirT2LM=
cloud.google.com/go/containeranalysis v0.11.0/go.mod h1:4n2e99ZwpGxpNcz+YsFT1dfOHPQFGcAC8FN2M2/ne/U=
+cloud.google.com/go/containeranalysis v0.11.3 h1:5rhYLX+3a01drpREqBZVXR9YmWH45RnML++8NsCtuD8=
+cloud.google.com/go/containeranalysis v0.11.4 h1:doJ0M1ljS4hS0D2UbHywlHGwB7sQLNrt9vFk9Zyi7vY=
+cloud.google.com/go/containeranalysis v0.11.4/go.mod h1:cVZT7rXYBS9NG1rhQbWL9pWbXCKHWJPYraE8/FTSYPE=
+cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0=
+cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs=
+cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc=
+cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE=
+cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM=
+cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M=
+cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0=
+cloud.google.com/go/datacatalog v1.13.0 h1:4H5IJiyUE0X6ShQBqgFFZvGGcrwGVndTwUSLP4c52gw=
cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8=
cloud.google.com/go/datacatalog v1.17.1 h1:qGWrlYvWtK+8jD1jhwq5BsGoSr7S4/LOroV7LwXi00g=
cloud.google.com/go/datacatalog v1.17.1/go.mod h1:nCSYFHgtxh2MiEktWIz71s/X+7ds/UT9kp0PC7waCzE=
+cloud.google.com/go/datacatalog v1.18.3 h1:zmdxP6nOjN5Qb1rtu9h4kbEVwerQ6Oshf+t747QJUew=
+cloud.google.com/go/datacatalog v1.18.3/go.mod h1:5FR6ZIF8RZrtml0VUao22FxhdjkoG+a0866rEnObryM=
+cloud.google.com/go/datacatalog v1.19.0 h1:rbYNmHwvAOOwnW2FPXYkaK3Mf1MmGqRzK0mMiIEyLdo=
+cloud.google.com/go/datacatalog v1.19.3 h1:A0vKYCQdxQuV4Pi0LL9p39Vwvg4jH5yYveMv50gU5Tw=
+cloud.google.com/go/datacatalog v1.19.3/go.mod h1:ra8V3UAsciBpJKQ+z9Whkxzxv7jmQg1hfODr3N3YPJ4=
+cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM=
+cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ=
+cloud.google.com/go/dataflow v0.8.0 h1:eYyD9o/8Nm6EttsKZaEGD84xC17bNgSKCu0ZxwqUbpg=
cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE=
cloud.google.com/go/dataflow v0.9.1 h1:VzG2tqsk/HbmOtq/XSfdF4cBvUWRK+S+oL9k4eWkENQ=
cloud.google.com/go/dataflow v0.9.1/go.mod h1:Wp7s32QjYuQDWqJPFFlnBKhkAtiFpMTdg00qGbnIHVw=
+cloud.google.com/go/dataflow v0.9.4 h1:7VmCNWcPJBS/srN2QnStTB6nu4Eb5TMcpkmtaPVhRt4=
+cloud.google.com/go/dataflow v0.9.5 h1:RYHtcPhmE664+F0Je46p+NvFbG8z//KCXp+uEqB4jZU=
+cloud.google.com/go/dataflow v0.9.5/go.mod h1:udl6oi8pfUHnL0z6UN9Lf9chGqzDMVqcYTcZ1aPnCZQ=
+cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo=
+cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE=
+cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0=
+cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA=
+cloud.google.com/go/dataform v0.7.0 h1:Dyk+fufup1FR6cbHjFpMuP4SfPiF3LI3JtoIIALoq48=
cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE=
cloud.google.com/go/dataform v0.8.1 h1:xcWso0hKOoxeW72AjBSIp/UfkvpqHNzzS0/oygHlcqY=
cloud.google.com/go/dataform v0.8.1/go.mod h1:3BhPSiw8xmppbgzeBbmDvmSWlwouuJkXsXsb8UBih9M=
+cloud.google.com/go/dataform v0.9.1 h1:jV+EsDamGX6cE127+QAcCR/lergVeeZdEQ6DdrxW3sQ=
+cloud.google.com/go/dataform v0.9.2 h1:5e4eqGrd0iDTCg4Q+VlAao5j2naKAA7xRurNtwmUknU=
+cloud.google.com/go/dataform v0.9.2/go.mod h1:S8cQUwPNWXo7m/g3DhWHsLBoufRNn9EgFrMgne2j7cI=
+cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38=
+cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w=
+cloud.google.com/go/datafusion v1.6.0 h1:sZjRnS3TWkGsu1LjYPFD/fHeMLZNXDK6PDHi2s2s/bk=
cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8=
cloud.google.com/go/datafusion v1.7.1 h1:eX9CZoyhKQW6g1Xj7+RONeDj1mV8KQDKEB9KLELX9/8=
cloud.google.com/go/datafusion v1.7.1/go.mod h1:KpoTBbFmoToDExJUso/fcCiguGDk7MEzOWXUsJo0wsI=
+cloud.google.com/go/datafusion v1.7.4 h1:Q90alBEYlMi66zL5gMSGQHfbZLB55mOAg03DhwTTfsk=
+cloud.google.com/go/datafusion v1.7.5 h1:HQ/BUOP8OIGJxuztpYvNvlb+/U+/Bfs9SO8tQbh61fk=
+cloud.google.com/go/datafusion v1.7.5/go.mod h1:bYH53Oa5UiqahfbNK9YuYKteeD4RbQSNMx7JF7peGHc=
+cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I=
+cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ=
+cloud.google.com/go/datalabeling v0.7.0 h1:ch4qA2yvddGRUrlfwrNJCr79qLqhS9QBwofPHfFlDIk=
cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM=
cloud.google.com/go/datalabeling v0.8.1 h1:zxsCD/BLKXhNuRssen8lVXChUj8VxF3ofN06JfdWOXw=
cloud.google.com/go/datalabeling v0.8.1/go.mod h1:XS62LBSVPbYR54GfYQsPXZjTW8UxCK2fkDciSrpRFdY=
+cloud.google.com/go/datalabeling v0.8.4 h1:zrq4uMmunf2KFDl/7dS6iCDBBAxBnKVDyw6+ajz3yu0=
+cloud.google.com/go/datalabeling v0.8.5 h1:GpIFRdm0qIZNsxqURFJwHt0ZBJZ0nF/mUVEigR7PH/8=
+cloud.google.com/go/datalabeling v0.8.5/go.mod h1:IABB2lxQnkdUbMnQaOl2prCOfms20mcPxDBm36lps+s=
+cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA=
+cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A=
+cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ=
+cloud.google.com/go/dataplex v1.6.0 h1:RvoZ5T7gySwm1CHzAw7yY1QwwqaGswunmqEssPxU/AM=
cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs=
cloud.google.com/go/dataplex v1.9.1 h1:wqPAP1vRskOoWwNka1yey2wxxCrxRrcxJf78MyFvrbs=
cloud.google.com/go/dataplex v1.9.1/go.mod h1:7TyrDT6BCdI8/38Uvp0/ZxBslOslP2X2MPDucliyvSE=
+cloud.google.com/go/dataplex v1.11.1 h1:+malGTMnHubsSi0D6dbr3aqp86dKs0t4yAdmxKZGUm4=
+cloud.google.com/go/dataplex v1.11.1/go.mod h1:mHJYQQ2VEJHsyoC0OdNyy988DvEbPhqFs5OOLffLX0c=
+cloud.google.com/go/dataplex v1.11.2 h1:AfFFR15Ifh4U+Me1IBztrSd5CrasTODzy3x8KtDyHdc=
+cloud.google.com/go/dataplex v1.14.1/go.mod h1:bWxQAbg6Smg+sca2+Ex7s8D9a5qU6xfXtwmq4BVReps=
+cloud.google.com/go/dataplex v1.14.2 h1:fxIfdU8fxzR3clhOoNI7XFppvAmndxDu1AMH+qX9WKQ=
+cloud.google.com/go/dataplex v1.14.2/go.mod h1:0oGOSFlEKef1cQeAHXy4GZPB/Ife0fz/PxBf+ZymA2U=
+cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s=
+cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI=
cloud.google.com/go/dataproc v1.12.0 h1:W47qHL3W4BPkAIbk4SWmIERwsWBaNnWm0P2sdx3YgGU=
cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4=
cloud.google.com/go/dataproc/v2 v2.2.0 h1:jKijbdsERm2hy/5dFl/LeQN+7CNssLdGXQYBMvMH/M4=
cloud.google.com/go/dataproc/v2 v2.2.0/go.mod h1:lZR7AQtwZPvmINx5J87DSOOpTfof9LVZju6/Qo4lmcY=
+cloud.google.com/go/dataproc/v2 v2.2.3 h1:snv4EQfh1BfQ/HZS2MGbOqCgwEzYE/j6f30XFOTsgXg=
+cloud.google.com/go/dataproc/v2 v2.2.3/go.mod h1:G5R6GBc9r36SXv/RtZIVfB8SipI+xVn0bX5SxUzVYbY=
+cloud.google.com/go/dataproc/v2 v2.3.0 h1:tTVP9tTxmc8fixxOd/8s6Q6Pz/+yzn7r7XdZHretQH0=
+cloud.google.com/go/dataproc/v2 v2.4.0 h1:/u81Fd+BvCLp+xjctI1DiWVJn6cn9/s3Akc8xPH02yk=
+cloud.google.com/go/dataproc/v2 v2.4.0/go.mod h1:3B1Ht2aRB8VZIteGxQS/iNSJGzt9+CA0WGnDVMEm7Z4=
+cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo=
+cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA=
+cloud.google.com/go/dataqna v0.7.0 h1:yFzi/YU4YAdjyo7pXkBE2FeHbgz5OQQBVDdbErEHmVQ=
cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c=
cloud.google.com/go/dataqna v0.8.1 h1:ITpUJep04hC9V7C+gcK390HO++xesQFSUJ7S4nSnF3U=
cloud.google.com/go/dataqna v0.8.1/go.mod h1:zxZM0Bl6liMePWsHA8RMGAfmTG34vJMapbHAxQ5+WA8=
+cloud.google.com/go/dataqna v0.8.4 h1:NJnu1kAPamZDs/if3bJ3+Wb6tjADHKL83NUWsaIp2zg=
+cloud.google.com/go/dataqna v0.8.5 h1:9ybXs3nr9BzxSGC04SsvtuXaHY0qmJSLIpIAbZo9GqQ=
+cloud.google.com/go/dataqna v0.8.5/go.mod h1:vgihg1mz6n7pb5q2YJF7KlXve6tCglInd6XO0JGOlWM=
cloud.google.com/go/datastore v1.1.0 h1:/May9ojXjRkPBNVrq+oWLqmWCkr4OU5uRY29bu0mRyQ=
+cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM=
+cloud.google.com/go/datastore v1.11.0 h1:iF6I/HaLs3Ado8uRKMvZRvF/ZLkWaWE9i8AiHzbC774=
cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c=
cloud.google.com/go/datastore v1.14.0 h1:Mq0ApTRdLW3/dyiw+DkjTk0+iGIUvkbzaC8sfPwWTH4=
cloud.google.com/go/datastore v1.14.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8=
+cloud.google.com/go/datastore v1.15.0 h1:0P9WcsQeTWjuD1H14JIY7XQscIPQ4Laje8ti96IC5vg=
+cloud.google.com/go/datastore v1.15.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8=
+cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo=
+cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ=
+cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g=
+cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4=
+cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs=
+cloud.google.com/go/datastream v1.7.0 h1:BBCBTnWMDwwEzQQmipUXxATa7Cm7CA/gKjKcR2w35T0=
cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww=
cloud.google.com/go/datastream v1.10.0 h1:ra/+jMv36zTAGPfi8TRne1hXme+UsKtdcK4j6bnqQiw=
cloud.google.com/go/datastream v1.10.0/go.mod h1:hqnmr8kdUBmrnk65k5wNRoHSCYksvpdZIcZIEl8h43Q=
+cloud.google.com/go/datastream v1.10.3 h1:Z2sKPIB7bT2kMW5Uhxy44ZgdJzxzE5uKjavoW+EuHEE=
+cloud.google.com/go/datastream v1.10.4 h1:o1QDKMo/hk0FN7vhoUQURREuA0rgKmnYapB+1M+7Qz4=
+cloud.google.com/go/datastream v1.10.4/go.mod h1:7kRxPdxZxhPg3MFeCSulmAJnil8NJGGvSNdn4p1sRZo=
+cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c=
+cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s=
+cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI=
+cloud.google.com/go/deploy v1.8.0 h1:otshdKEbmsi1ELYeCKNYppwV0UH5xD05drSdBm7ouTk=
cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ=
cloud.google.com/go/deploy v1.13.0 h1:A+w/xpWgz99EYzB6e31gMGAI/P5jTZ2UO7veQK5jQ8o=
cloud.google.com/go/deploy v1.13.0/go.mod h1:tKuSUV5pXbn67KiubiUNUejqLs4f5cxxiCNCeyl0F2g=
+cloud.google.com/go/deploy v1.14.2 h1:OWVwtGy+QeQGPT3yc8bJu6yANoPFpXniCgl7bJu5u88=
+cloud.google.com/go/deploy v1.14.2/go.mod h1:e5XOUI5D+YGldyLNZ21wbp9S8otJbBE4i88PtO9x/2g=
+cloud.google.com/go/deploy v1.15.0 h1:ZdmYzRMTGkVyP1nXEUat9FpbJGJemDcNcx82RSSOElc=
+cloud.google.com/go/deploy v1.17.1 h1:m27Ojwj03gvpJqCbodLYiVmE9x4/LrHGGMjzc0LBfM4=
+cloud.google.com/go/deploy v1.17.1/go.mod h1:SXQyfsXrk0fBmgBHRzBjQbZhMfKZ3hMQBw5ym7MN/50=
+cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4=
+cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0=
+cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8=
+cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek=
+cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0=
+cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM=
+cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4=
+cloud.google.com/go/dialogflow v1.32.0 h1:uVlKKzp6G/VtSW0E7IH1Y5o0H48/UOCmqksG2riYCwQ=
cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE=
cloud.google.com/go/dialogflow v1.43.0 h1:0hBV5ipVbhYNKCyiBoM47bUt+43Kd8eWXhBr+pwUSTw=
cloud.google.com/go/dialogflow v1.43.0/go.mod h1:pDUJdi4elL0MFmt1REMvFkdsUTYSHq+rTCS8wg0S3+M=
+cloud.google.com/go/dialogflow v1.44.3 h1:cK/f88KX+YVR4tLH4clMQlvrLWD2qmKJQziusjGPjmc=
+cloud.google.com/go/dialogflow v1.48.2/go.mod h1:7A2oDf6JJ1/+hdpnFRfb/RjJUOh2X3rhIa5P8wQSEX4=
+cloud.google.com/go/dialogflow v1.49.0 h1:KqG0oxGE71qo0lRVyAoeBozefCvsMfcDzDjoLYSY0F4=
+cloud.google.com/go/dialogflow v1.49.0/go.mod h1:dhVrXKETtdPlpPhE7+2/k4Z8FRNUp6kMV3EW3oz/fe0=
+cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM=
+cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q=
+cloud.google.com/go/dlp v1.9.0 h1:1JoJqezlgu6NWCroBxr4rOZnwNFILXr4cB9dMaSKO4A=
cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4=
cloud.google.com/go/dlp v1.10.1 h1:tF3wsJ2QulRhRLWPzWVkeDz3FkOGVoMl6cmDUHtfYxw=
cloud.google.com/go/dlp v1.10.1/go.mod h1:IM8BWz1iJd8njcNcG0+Kyd9OPnqnRNkDV8j42VT5KOI=
+cloud.google.com/go/dlp v1.11.1 h1:OFlXedmPP/5//X1hBEeq3D9kUVm9fb6ywYANlpv/EsQ=
+cloud.google.com/go/dlp v1.11.2 h1:lTipOuJaSjlYnnotPMbEhKURLC6GzCMDDzVbJAEbmYM=
+cloud.google.com/go/dlp v1.11.2/go.mod h1:9Czi+8Y/FegpWzgSfkRlyz+jwW6Te9Rv26P3UfU/h/w=
+cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU=
+cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU=
+cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k=
+cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4=
+cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM=
+cloud.google.com/go/documentai v1.18.0 h1:KM3Xh0QQyyEdC8Gs2vhZfU+rt6OCPF0dwVwxKgLmWfI=
cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs=
cloud.google.com/go/documentai v1.22.1 h1:cBndyac7kPWwSuhUcgdbnqzszfZ57HBEHfD33DIwsBM=
cloud.google.com/go/documentai v1.22.1/go.mod h1:LKs22aDHbJv7ufXuPypzRO7rG3ALLJxzdCXDPutw4Qc=
+cloud.google.com/go/documentai v1.23.5 h1:KAlzT+q8qvRxAmhsJUvLtfFHH0PNvz3M79H6CgVBKL8=
+cloud.google.com/go/documentai v1.23.8/go.mod h1:Vd/y5PosxCpUHmwC+v9arZyeMfTqBR9VIwOwIqQYYfA=
+cloud.google.com/go/documentai v1.25.0 h1:lI62GMEEPO6vXJI9hj+G9WjOvnR0hEjvjokrnex4cxA=
+cloud.google.com/go/documentai v1.25.0/go.mod h1:ftLnzw5VcXkLItp6pw1mFic91tMRyfv6hHEY5br4KzY=
+cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y=
+cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg=
+cloud.google.com/go/domains v0.8.0 h1:2ti/o9tlWL4N+wIuWUNH+LbfgpwxPr8J1sv9RHA4bYQ=
cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE=
cloud.google.com/go/domains v0.9.1 h1:rqz6KY7mEg7Zs/69U6m6LMbB7PxFDWmT3QWNXIqhHm0=
cloud.google.com/go/domains v0.9.1/go.mod h1:aOp1c0MbejQQ2Pjf1iJvnVyT+z6R6s8pX66KaCSDYfE=
+cloud.google.com/go/domains v0.9.4 h1:ua4GvsDztZ5F3xqjeLKVRDeOvJshf5QFgWGg1CKti3A=
+cloud.google.com/go/domains v0.9.5 h1:Mml/R6s3vQQvFPpi/9oX3O5dRirgjyJ8cksK8N19Y7g=
+cloud.google.com/go/domains v0.9.5/go.mod h1:dBzlxgepazdFhvG7u23XMhmMKBjrkoUNaw0A8AQB55Y=
+cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk=
+cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w=
+cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc=
+cloud.google.com/go/edgecontainer v1.0.0 h1:O0YVE5v+O0Q/ODXYsQHmHb+sYM8KNjGZw2pjX2Ws41c=
cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY=
cloud.google.com/go/edgecontainer v1.1.1 h1:zhHWnLzg6AqzE+I3gzJqiIwHfjEBhWctNQEzqb+FaRo=
cloud.google.com/go/edgecontainer v1.1.1/go.mod h1:O5bYcS//7MELQZs3+7mabRqoWQhXCzenBu0R8bz2rwk=
+cloud.google.com/go/edgecontainer v1.1.4 h1:Szy3Q/N6bqgQGyxqjI+6xJZbmvPvnFHp3UZr95DKcQ0=
+cloud.google.com/go/edgecontainer v1.1.5 h1:tBY32km78ScpK2aOP84JoW/+wtpx5WluyPUSEE3270U=
+cloud.google.com/go/edgecontainer v1.1.5/go.mod h1:rgcjrba3DEDEQAidT4yuzaKWTbkTI5zAMu3yy6ZWS0M=
cloud.google.com/go/errorreporting v0.3.0 h1:kj1XEWMu8P0qlLhm3FwcaFsUvXChV/OraZwA70trRR0=
cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU=
+cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI=
+cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8=
+cloud.google.com/go/essentialcontacts v1.5.0 h1:gIzEhCoOT7bi+6QZqZIzX1Erj4SswMPIteNvYVlu+pM=
cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M=
cloud.google.com/go/essentialcontacts v1.6.2 h1:OEJ0MLXXCW/tX1fkxzEZOsv/wRfyFsvDVNaHWBAvoV0=
cloud.google.com/go/essentialcontacts v1.6.2/go.mod h1:T2tB6tX+TRak7i88Fb2N9Ok3PvY3UNbUsMag9/BARh4=
+cloud.google.com/go/essentialcontacts v1.6.5 h1:S2if6wkjR4JCEAfDtIiYtD+sTz/oXjh2NUG4cgT1y/Q=
+cloud.google.com/go/essentialcontacts v1.6.6 h1:13eHn5qBnsawxI7mIrv4jRIEmQ1xg0Ztqw5ZGqtUNfA=
+cloud.google.com/go/essentialcontacts v1.6.6/go.mod h1:XbqHJGaiH0v2UvtuucfOzFXN+rpL/aU5BCZLn4DYl1Q=
+cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc=
+cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw=
+cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw=
+cloud.google.com/go/eventarc v1.11.0 h1:fsJmNeqvqtk74FsaVDU6cH79lyZNCYP8Rrv7EhaB/PU=
cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY=
cloud.google.com/go/eventarc v1.13.0 h1:xIP3XZi0Xawx8DEfh++mE2lrIi5kQmCr/KcWhJ1q0J4=
cloud.google.com/go/eventarc v1.13.0/go.mod h1:mAFCW6lukH5+IZjkvrEss+jmt2kOdYlN8aMx3sRJiAI=
+cloud.google.com/go/eventarc v1.13.3 h1:+pFmO4eu4dOVipSaFBLkmqrRYG94Xl/TQZFOeohkuqU=
+cloud.google.com/go/eventarc v1.13.4 h1:ORkd6/UV5FIdA8KZQDLNZYKS7BBOrj0p01DXPmT4tE4=
+cloud.google.com/go/eventarc v1.13.4/go.mod h1:zV5sFVoAa9orc/52Q+OuYUG9xL2IIZTbbuTHC6JSY8s=
+cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w=
+cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI=
+cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs=
+cloud.google.com/go/filestore v1.6.0 h1:ckTEXN5towyTMu4q0uQ1Mde/JwTHur0gXs8oaIZnKfw=
cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg=
cloud.google.com/go/filestore v1.7.1 h1:Eiz8xZzMJc5ppBWkuaod/PUdUZGCFR8ku0uS+Ah2fRw=
cloud.google.com/go/filestore v1.7.1/go.mod h1:y10jsorq40JJnjR/lQ8AfFbbcGlw3g+Dp8oN7i7FjV4=
+cloud.google.com/go/filestore v1.7.4 h1:twtI5/89kf9QW7MqDic9fsUbH5ZLIDV1MVsRmu9iu2E=
+cloud.google.com/go/filestore v1.7.4/go.mod h1:S5JCxIbFjeBhWMTfIYH2Jx24J6BqjwpkkPl+nBA5DlI=
+cloud.google.com/go/filestore v1.8.0 h1:/+wUEGwk3x3Kxomi2cP5dsR8+SIXxo7M0THDjreFSYo=
+cloud.google.com/go/filestore v1.8.1 h1:X5G4y/vrUo1B8Nsz93qSWTMAcM8LXbGUldq33OdcdCw=
+cloud.google.com/go/filestore v1.8.1/go.mod h1:MbN9KcaM47DRTIuLfQhJEsjaocVebNtNQhSLhKCF5GM=
cloud.google.com/go/firestore v1.1.0 h1:9x7Bx0A9R5/M9jibeJeZWqjeVEIxYW9fZYqB9a70/bY=
cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
+cloud.google.com/go/firestore v1.9.0 h1:IBlRyxgGySXu5VuW0RgGFlTtLukSnNkpDiEOMkQkmpA=
cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE=
cloud.google.com/go/firestore v1.13.0 h1:/3S4RssUV4GO/kvgJZB+tayjhOfyAHs+KcpJgRVu/Qk=
cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8=
+cloud.google.com/go/firestore v1.14.0 h1:8aLcKnMPoldYU3YHgu4t2exrKhLQkqaXAGqT0ljrFVw=
+cloud.google.com/go/firestore v1.14.0/go.mod h1:96MVaHLsEhbvkBEdZgfN+AS/GIkco1LRpH9Xp9YZfzQ=
+cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk=
+cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg=
+cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY=
+cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08=
+cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw=
+cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA=
+cloud.google.com/go/functions v1.13.0 h1:pPDqtsXG2g9HeOQLoquLbmvmb82Y4Ezdo1GXuotFoWg=
cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c=
cloud.google.com/go/functions v1.15.1 h1:LtAyqvO1TFmNLcROzHZhV0agEJfBi+zfMZsF4RT/a7U=
cloud.google.com/go/functions v1.15.1/go.mod h1:P5yNWUTkyU+LvW/S9O6V+V423VZooALQlqoXdoPz5AE=
+cloud.google.com/go/functions v1.15.4 h1:ZjdiV3MyumRM6++1Ixu6N0VV9LAGlCX4AhW6Yjr1t+U=
+cloud.google.com/go/functions v1.16.0 h1:IWVylmK5F6hJ3R5zaRW7jI5PrWhCvtBVU4axQLmXSo4=
+cloud.google.com/go/functions v1.16.0/go.mod h1:nbNpfAG7SG7Duw/o1iZ6ohvL7mc6MapWQVpqtM29n8k=
+cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM=
+cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA=
+cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w=
+cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM=
cloud.google.com/go/gaming v1.9.0 h1:7vEhFnZmd931Mo7sZ6pJy7uQPDxF7m7v8xtBheG08tc=
cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0=
+cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60=
+cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo=
+cloud.google.com/go/gkebackup v0.4.0 h1:za3QZvw6ujR0uyqkhomKKKNoXDyqYGPJies3voUK8DA=
cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg=
cloud.google.com/go/gkebackup v1.3.1 h1:Kfha8SOF2tqsu4O4jVle66mk7qNdlJ2KhL3E2YyiNZc=
cloud.google.com/go/gkebackup v1.3.1/go.mod h1:vUDOu++N0U5qs4IhG1pcOnD1Mac79xWy6GoBFlWCWBU=
+cloud.google.com/go/gkebackup v1.3.4 h1:KhnOrr9A1tXYIYeXKqCKbCI8TL2ZNGiD3dm+d7BDUBg=
+cloud.google.com/go/gkebackup v1.3.5 h1:iuE8KNtTsPOc79qeWoNS8zOWoXPD9SAdOmwgxtlCmh8=
+cloud.google.com/go/gkebackup v1.3.5/go.mod h1:KJ77KkNN7Wm1LdMopOelV6OodM01pMuK2/5Zt1t4Tvc=
+cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o=
+cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A=
+cloud.google.com/go/gkeconnect v0.7.0 h1:gXYKciHS/Lgq0GJ5Kc9SzPA35NGc3yqu6SkjonpEr2Q=
cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw=
cloud.google.com/go/gkeconnect v0.8.1 h1:a1ckRvVznnuvDWESM2zZDzSVFvggeBaVY5+BVB8tbT0=
cloud.google.com/go/gkeconnect v0.8.1/go.mod h1:KWiK1g9sDLZqhxB2xEuPV8V9NYzrqTUmQR9shJHpOZw=
+cloud.google.com/go/gkeconnect v0.8.4 h1:1JLpZl31YhQDQeJ98tK6QiwTpgHFYRJwpntggpQQWis=
+cloud.google.com/go/gkeconnect v0.8.5 h1:17d+ZSSXKqG/RwZCq3oFMIWLPI8Zw3b8+a9/BEVlwH0=
+cloud.google.com/go/gkeconnect v0.8.5/go.mod h1:LC/rS7+CuJ5fgIbXv8tCD/mdfnlAadTaUufgOkmijuk=
+cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0=
+cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0=
+cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E=
+cloud.google.com/go/gkehub v0.12.0 h1:TqCSPsEBQ6oZSJgEYZ3XT8x2gUadbvfwI32YB0kuHCs=
cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw=
cloud.google.com/go/gkehub v0.14.1 h1:2BLSb8i+Co1P05IYCKATXy5yaaIw/ZqGvVSBTLdzCQo=
cloud.google.com/go/gkehub v0.14.1/go.mod h1:VEXKIJZ2avzrbd7u+zeMtW00Y8ddk/4V9511C9CQGTY=
+cloud.google.com/go/gkehub v0.14.4 h1:J5tYUtb3r0cl2mM7+YHvV32eL+uZQ7lONyUZnPikCEo=
+cloud.google.com/go/gkehub v0.14.5 h1:RboLNFzf9wEMSo7DrKVBlf+YhK/A/jrLN454L5Tz99Q=
+cloud.google.com/go/gkehub v0.14.5/go.mod h1:6bzqxM+a+vEH/h8W8ec4OJl4r36laxTs3A/fMNHJ0wA=
+cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA=
+cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI=
+cloud.google.com/go/gkemulticloud v0.5.0 h1:8I84Q4vl02rJRsFiinBxl7WCozfdLlUVBQuSrqr9Wtk=
cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y=
cloud.google.com/go/gkemulticloud v1.0.0 h1:MluqhtPVZReoriP5+adGIw+ij/RIeRik8KApCW2WMTw=
cloud.google.com/go/gkemulticloud v1.0.0/go.mod h1:kbZ3HKyTsiwqKX7Yw56+wUGwwNZViRnxWK2DVknXWfw=
+cloud.google.com/go/gkemulticloud v1.0.3 h1:NmJsNX9uQ2CT78957xnjXZb26TDIMvv+d5W2vVUt0Pg=
+cloud.google.com/go/gkemulticloud v1.1.1 h1:rsSZAGLhyjyE/bE2ToT5fqo1qSW7S+Ubsc9jFOcbhSI=
+cloud.google.com/go/gkemulticloud v1.1.1/go.mod h1:C+a4vcHlWeEIf45IB5FFR5XGjTeYhF83+AYIpTy4i2Q=
+cloud.google.com/go/grafeas v0.2.0 h1:CYjC+xzdPvbV65gi6Dr4YowKcmLo045pm18L0DhdELM=
cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc=
cloud.google.com/go/grafeas v0.3.0 h1:oyTL/KjiUeBs9eYLw/40cpSZglUC+0F7X4iu/8t7NWs=
cloud.google.com/go/grafeas v0.3.0/go.mod h1:P7hgN24EyONOTMyeJH6DxG4zD7fwiYa5Q6GUgyFSOU8=
+cloud.google.com/go/grafeas v0.3.4 h1:D4x32R/cHX3MTofKwirz015uEdVk4uAxvZkZCZkOrF4=
+cloud.google.com/go/grafeas v0.3.4/go.mod h1:A5m316hcG+AulafjAbPKXBO/+I5itU4LOdKO2R/uDIc=
+cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM=
+cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o=
+cloud.google.com/go/gsuiteaddons v1.5.0 h1:1mvhXqJzV0Vg5Fa95QwckljODJJfDFXV4pn+iL50zzA=
cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo=
cloud.google.com/go/gsuiteaddons v1.6.1 h1:mi9jxZpzVjLQibTS/XfPZvl+Jr6D5Bs8pGqUjllRb00=
cloud.google.com/go/gsuiteaddons v1.6.1/go.mod h1:CodrdOqRZcLp5WOwejHWYBjZvfY0kOphkAKpF/3qdZY=
+cloud.google.com/go/gsuiteaddons v1.6.4 h1:uuw2Xd37yHftViSI8J2hUcCS8S7SH3ZWH09sUDLW30Q=
+cloud.google.com/go/gsuiteaddons v1.6.5 h1:CZEbaBwmbYdhFw21Fwbo+C35HMe36fTE0FBSR4KSfWg=
+cloud.google.com/go/gsuiteaddons v1.6.5/go.mod h1:Lo4P2IvO8uZ9W+RaC6s1JVxo42vgy+TX5a6hfBZ0ubs=
+cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c=
+cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
+cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc=
+cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc=
+cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg=
+cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE=
+cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY=
cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY=
+cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
+cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
+cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
+cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
+cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc=
+cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI=
+cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc=
+cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A=
+cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk=
+cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo=
+cloud.google.com/go/iap v1.7.1 h1:PxVHFuMxmSZyfntKXHXhd8bo82WJ+LcATenq7HLdVnU=
cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74=
cloud.google.com/go/iap v1.9.0 h1:RNhVq/6OMI99/wjPVhqFxjlBxYOBRdaG6rLpBvyaqYY=
cloud.google.com/go/iap v1.9.0/go.mod h1:01OFxd1R+NFrg78S+hoPV5PxEzv22HXaNqUUlmNHFuY=
+cloud.google.com/go/iap v1.9.3 h1:M4vDbQ4TLXdaljXVZSwW7XtxpwXUUarY2lIs66m0aCM=
+cloud.google.com/go/iap v1.9.4 h1:94zirc2r4t6KzhAMW0R6Dme005eTP6yf7g6vN4IhRrA=
+cloud.google.com/go/iap v1.9.4/go.mod h1:vO4mSq0xNf/Pu6E5paORLASBwEmphXEjgCFg7aeNu1w=
+cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM=
+cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY=
+cloud.google.com/go/ids v1.3.0 h1:fodnCDtOXuMmS8LTC2y3h8t24U8F3eKWfhi+3LY6Qf0=
cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4=
cloud.google.com/go/ids v1.4.1 h1:khXYmSoDDhWGEVxHl4c4IgbwSRR+qE/L4hzP3vaU9Hc=
cloud.google.com/go/ids v1.4.1/go.mod h1:np41ed8YMU8zOgv53MMMoCntLTn2lF+SUzlM+O3u/jw=
+cloud.google.com/go/ids v1.4.4 h1:VuFqv2ctf/A7AyKlNxVvlHTzjrEvumWaZflUzBPz/M4=
+cloud.google.com/go/ids v1.4.5 h1:xd4U7pgl3GHV+MABnv1BF4/Vy/zBF7CYC8XngkOLzag=
+cloud.google.com/go/ids v1.4.5/go.mod h1:p0ZnyzjMWxww6d2DvMGnFwCsSxDJM666Iir1bK1UuBo=
+cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs=
+cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g=
+cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o=
+cloud.google.com/go/iot v1.6.0 h1:39W5BFSarRNZfVG0eXI5LYux+OVQT8GkgpHCnrZL2vM=
cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE=
cloud.google.com/go/iot v1.7.1 h1:yrH0OSmicD5bqGBoMlWG8UltzdLkYzNUwNVUVz7OT54=
cloud.google.com/go/iot v1.7.1/go.mod h1:46Mgw7ev1k9KqK1ao0ayW9h0lI+3hxeanz+L1zmbbbk=
+cloud.google.com/go/iot v1.7.4 h1:m1WljtkZnvLTIRYW1YTOv5A6H1yKgLHR6nU7O8yf27w=
+cloud.google.com/go/iot v1.7.5 h1:munTeBlbqI33iuTYgXy7S8lW2TCgi5l1hA4roSIY+EE=
+cloud.google.com/go/iot v1.7.5/go.mod h1:nq3/sqTz3HGaWJi1xNiX7F41ThOzpud67vwk0YsSsqs=
+cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA=
+cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg=
+cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0=
+cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg=
+cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w=
+cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24=
+cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE=
cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w=
+cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM=
+cloud.google.com/go/kms v1.15.6/go.mod h1:yF75jttnIdHfGBoE51AKsD/Yqf+/jICzB9v1s1acsms=
+cloud.google.com/go/kms v1.15.7 h1:7caV9K3yIxvlQPAcaFffhlT7d1qpxjB1wHBtjWa13SM=
+cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI=
+cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic=
+cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI=
+cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE=
+cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8=
+cloud.google.com/go/language v1.9.0 h1:7Ulo2mDk9huBoBi8zCE3ONOoBrL6UXfAI71CLQ9GEIM=
cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY=
cloud.google.com/go/language v1.11.0 h1:KnYolG0T5Oex722ZW/sP5QErhVAVNcqpJ16tVJd9RTw=
cloud.google.com/go/language v1.11.0/go.mod h1:uDx+pFDdAKTY8ehpWbiXyQdz8tDSYLJbQcXsCkjYyvQ=
+cloud.google.com/go/language v1.12.2 h1:zg9uq2yS9PGIOdc0Kz/l+zMtOlxKWonZjjo5w5YPG2A=
+cloud.google.com/go/language v1.12.3 h1:iaJZg6K4j/2PvZZVcjeO/btcWWIllVRBhuTFjGO4LXs=
+cloud.google.com/go/language v1.12.3/go.mod h1:evFX9wECX6mksEva8RbRnr/4wi/vKGYnAJrTRXU8+f8=
+cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8=
+cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08=
+cloud.google.com/go/lifesciences v0.8.0 h1:uWrMjWTsGjLZpCTWEAzYvyXj+7fhiZST45u9AgasasI=
cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo=
cloud.google.com/go/lifesciences v0.9.1 h1:axkANGx1wiBXHiPcJZAE+TDjjYoJRIDzbHC/WYllCBU=
cloud.google.com/go/lifesciences v0.9.1/go.mod h1:hACAOd1fFbCGLr/+weUKRAJas82Y4vrL3O5326N//Wc=
+cloud.google.com/go/lifesciences v0.9.4 h1:rZEI/UxcxVKEzyoRS/kdJ1VoolNItRWjNN0Uk9tfexg=
+cloud.google.com/go/lifesciences v0.9.5 h1:gXvN70m2p+4zgJFzaz6gMKaxTuF9WJ0USYoMLWAOm8g=
+cloud.google.com/go/lifesciences v0.9.5/go.mod h1:OdBm0n7C0Osh5yZB7j9BXyrMnTRGBJIZonUMxo5CzPw=
+cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw=
+cloud.google.com/go/logging v1.7.0 h1:CJYxlNNNNAMkHp9em/YEXcfJg+rPDg7YfwoRpMU+t5I=
cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M=
cloud.google.com/go/logging v1.8.1 h1:26skQWPeYhvIasWKm48+Eq7oUqdcdbwsCVwz5Ys0FvU=
cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI=
+cloud.google.com/go/logging v1.9.0 h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw=
+cloud.google.com/go/logging v1.9.0/go.mod h1:1Io0vnZv4onoUnsVUQY3HZ3Igb1nBchky0A0y7BBBhE=
+cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE=
+cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc=
+cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo=
cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc=
cloud.google.com/go/longrunning v0.5.1 h1:Fr7TXftcqTudoyRJa113hyaqlGdiBQkp0Gq7tErFDWI=
cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc=
+cloud.google.com/go/longrunning v0.5.4 h1:w8xEcbZodnA2BbW6sVirkkoC+1gP8wS57EUUgGS0GVg=
+cloud.google.com/go/longrunning v0.5.4/go.mod h1:zqNVncI0BOP8ST6XQD1+VcvuShMmq7+xFSzOL++V0dI=
+cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg=
+cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s=
+cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE=
+cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM=
+cloud.google.com/go/managedidentities v1.5.0 h1:ZRQ4k21/jAhrHBVKl/AY7SjgzeJwG1iZa+mJ82P+VNg=
cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA=
cloud.google.com/go/managedidentities v1.6.1 h1:2/qZuOeLgUHorSdxSQGtnOu9xQkBn37+j+oZQv/KHJY=
cloud.google.com/go/managedidentities v1.6.1/go.mod h1:h/irGhTN2SkZ64F43tfGPMbHnypMbu4RB3yl8YcuEak=
+cloud.google.com/go/managedidentities v1.6.4 h1:SF/u1IJduMqQQdJA4MDyivlIQ4SrV5qAawkr/ZEREkY=
+cloud.google.com/go/managedidentities v1.6.5 h1:+bpih1piZVLxla/XBqeSUzJBp8gv9plGHIMAI7DLpDM=
+cloud.google.com/go/managedidentities v1.6.5/go.mod h1:fkFI2PwwyRQbjLxlm5bQ8SjtObFMW3ChBGNqaMcgZjI=
+cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI=
+cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw=
+cloud.google.com/go/maps v0.7.0 h1:mv9YaczD4oZBZkM5XJl6fXQ984IkJNHPwkc8MUsdkBo=
cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY=
cloud.google.com/go/maps v1.4.0 h1:PdfgpBLhAoSzZrQXP+/zBc78fIPLZSJp5y8+qSMn2UU=
cloud.google.com/go/maps v1.4.0/go.mod h1:6mWTUv+WhnOwAgjVsSW2QPPECmW+s3PcRyOa9vgG/5s=
+cloud.google.com/go/maps v1.6.1 h1:2+eMp/1MvMPp5qrSOd3vtnLKa/pylt+krVRqET3jWsM=
+cloud.google.com/go/maps v1.6.4 h1:EVCZAiDvog9So46460BGbCasPhi613exoaQbpilMVlk=
+cloud.google.com/go/maps v1.6.4/go.mod h1:rhjqRy8NWmDJ53saCfsXQ0LKwBHfi6OSh5wkq6BaMhI=
+cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4=
+cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w=
+cloud.google.com/go/mediatranslation v0.7.0 h1:anPxH+/WWt8Yc3EdoEJhPMBRF7EhIdz426A+tuoA0OU=
cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I=
cloud.google.com/go/mediatranslation v0.8.1 h1:50cF7c1l3BanfKrpnTCaTvhf+Fo6kdF21DG0byG7gYU=
cloud.google.com/go/mediatranslation v0.8.1/go.mod h1:L/7hBdEYbYHQJhX2sldtTO5SZZ1C1vkapubj0T2aGig=
+cloud.google.com/go/mediatranslation v0.8.4 h1:VRCQfZB4s6jN0CSy7+cO3m4ewNwgVnaePanVCQh/9Z4=
+cloud.google.com/go/mediatranslation v0.8.5 h1:c76KdIXljQHSCb/Cy47S8H4s05A4zbK3pAFGzwcczZo=
+cloud.google.com/go/mediatranslation v0.8.5/go.mod h1:y7kTHYIPCIfgyLbKncgqouXJtLsU+26hZhHEEy80fSs=
+cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE=
+cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM=
+cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA=
+cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY=
+cloud.google.com/go/memcache v1.9.0 h1:8/VEmWCpnETCrBwS3z4MhT+tIdKgR1Z4Tr2tvYH32rg=
cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM=
cloud.google.com/go/memcache v1.10.1 h1:7lkLsF0QF+Mre0O/NvkD9Q5utUNwtzvIYjrOLOs0HO0=
cloud.google.com/go/memcache v1.10.1/go.mod h1:47YRQIarv4I3QS5+hoETgKO40InqzLP6kpNLvyXuyaA=
+cloud.google.com/go/memcache v1.10.4 h1:cdex/ayDd294XBj2cGeMe6Y+H1JvhN8y78B9UW7pxuQ=
+cloud.google.com/go/memcache v1.10.5 h1:yeDv5qxRedFosvpMSEswrqUsJM5OdWvssPHFliNFTc4=
+cloud.google.com/go/memcache v1.10.5/go.mod h1:/FcblbNd0FdMsx4natdj+2GWzTq+cjZvMa1I+9QsuMA=
+cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY=
+cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s=
+cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8=
+cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI=
+cloud.google.com/go/metastore v1.10.0 h1:QCFhZVe2289KDBQ7WxaHV2rAmPrmRAdLC6gbjUd3HPo=
cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo=
cloud.google.com/go/metastore v1.12.0 h1:+9DsxUOHvsqvC0ylrRc/JwzbXJaaBpfIK3tX0Lx8Tcc=
cloud.google.com/go/metastore v1.12.0/go.mod h1:uZuSo80U3Wd4zi6C22ZZliOUJ3XeM/MlYi/z5OAOWRA=
+cloud.google.com/go/metastore v1.13.3 h1:94l/Yxg9oBZjin2bzI79oK05feYefieDq0o5fjLSkC8=
+cloud.google.com/go/metastore v1.13.4 h1:dR7vqWXlK6IYR8Wbu9mdFfwlVjodIBhd1JRrpZftTEg=
+cloud.google.com/go/metastore v1.13.4/go.mod h1:FMv9bvPInEfX9Ac1cVcRXp8EBBQnBcqH6gz3KvJ9BAE=
+cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk=
+cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4=
+cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w=
+cloud.google.com/go/monitoring v1.13.0 h1:2qsrgXGVoRXpP7otZ14eE1I568zAa92sJSDPyOJvwjM=
cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw=
cloud.google.com/go/monitoring v1.16.0 h1:rlndy4K8yknMY9JuGe2aK4SbCh21FXoCdX7SAGHmRgI=
cloud.google.com/go/monitoring v1.16.0/go.mod h1:Ptp15HgAyM1fNICAojDMoNc/wUmn67mLHQfyqbw+poY=
+cloud.google.com/go/monitoring v1.16.3 h1:mf2SN9qSoBtIgiMA4R/y4VADPWZA7VCNJA079qLaZQ8=
+cloud.google.com/go/monitoring v1.17.1/go.mod h1:SJzPMakCF0GHOuKEH/r4hxVKF04zl+cRPQyc3d/fqII=
+cloud.google.com/go/monitoring v1.18.0 h1:NfkDLQDG2UR3WYZVQE8kwSbUIEyIqJUPl+aOQdFH1T4=
+cloud.google.com/go/monitoring v1.18.0/go.mod h1:c92vVBCeq/OB4Ioyo+NbN2U7tlg5ZH41PZcdvfc+Lcg=
+cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA=
+cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o=
+cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM=
+cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8=
+cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E=
+cloud.google.com/go/networkconnectivity v1.11.0 h1:ZD6b4Pk1jEtp/cx9nx0ZYcL3BKqDa+KixNDZ6Bjs1B8=
cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM=
cloud.google.com/go/networkconnectivity v1.13.0 h1:kG2PX6URJ9Kvotfdm+hH8WIhrRY77sAKytUGOz+MgN0=
cloud.google.com/go/networkconnectivity v1.13.0/go.mod h1:SAnGPes88pl7QRLUen2HmcBSE9AowVAcdug8c0RSBFk=
+cloud.google.com/go/networkconnectivity v1.14.3 h1:e9lUkCe2BexsqsUc2bjV8+gFBpQa54J+/F3qKVtW+wA=
+cloud.google.com/go/networkconnectivity v1.14.4 h1:GBfXFhLyPspnaBE3nI/BRjdhW8vcbpT9QjE/4kDCDdc=
+cloud.google.com/go/networkconnectivity v1.14.4/go.mod h1:PU12q++/IMnDJAB+3r+tJtuCXCfwfN+C6Niyj6ji1Po=
+cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8=
+cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4=
+cloud.google.com/go/networkmanagement v1.6.0 h1:8KWEUNGcpSX9WwZXq7FtciuNGPdPdPN/ruDm769yAEM=
cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY=
cloud.google.com/go/networkmanagement v1.9.0 h1:aA6L8aioyM4S6nlPYzp2SvB88lBcByZmqMJM6ReafzU=
cloud.google.com/go/networkmanagement v1.9.0/go.mod h1:UTUaEU9YwbCAhhz3jEOHr+2/K/MrBk2XxOLS89LQzFw=
+cloud.google.com/go/networkmanagement v1.9.3 h1:HsQk4FNKJUX04k3OI6gUsoveiHMGvDRqlaFM2xGyvqU=
+cloud.google.com/go/networkmanagement v1.9.4 h1:aLV5GcosBNmd6M8+a0ekB0XlLRexv4fvnJJrYnqeBcg=
+cloud.google.com/go/networkmanagement v1.9.4/go.mod h1:daWJAl0KTFytFL7ar33I6R/oNBH8eEOX/rBNHrC/8TA=
+cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ=
+cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU=
+cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k=
+cloud.google.com/go/networksecurity v0.8.0 h1:sOc42Ig1K2LiKlzG71GUVloeSJ0J3mffEBYmvu+P0eo=
cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU=
cloud.google.com/go/networksecurity v0.9.1 h1:TBLEkMp3AE+6IV/wbIGRNTxnqLXHCTEQWoxRVC18TzY=
cloud.google.com/go/networksecurity v0.9.1/go.mod h1:MCMdxOKQ30wsBI1eI659f9kEp4wuuAueoC9AJKSPWZQ=
+cloud.google.com/go/networksecurity v0.9.4 h1:947tNIPnj1bMGTIEBo3fc4QrrFKS5hh0bFVsHmFm4Vo=
+cloud.google.com/go/networksecurity v0.9.5 h1:+caSxBTj0E8OYVh/5wElFdjEMO1S/rZtE1152Cepchc=
+cloud.google.com/go/networksecurity v0.9.5/go.mod h1:KNkjH/RsylSGyyZ8wXpue8xpCEK+bTtvof8SBfIhMG8=
+cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY=
+cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34=
+cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA=
+cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0=
+cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE=
+cloud.google.com/go/notebooks v1.8.0 h1:Kg2K3K7CbSXYJHZ1aGQpf1xi5x2GUvQWf2sFVuiZh8M=
cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ=
cloud.google.com/go/notebooks v1.10.0 h1:6x2K1JAWv6RW2yQO6oa+xtKUGOpGQseCmT94vpOt1vc=
cloud.google.com/go/notebooks v1.10.0/go.mod h1:SOPYMZnttHxqot0SGSFSkRrwE29eqnKPBJFqgWmiK2k=
+cloud.google.com/go/notebooks v1.11.2 h1:eTOTfNL1yM6L/PCtquJwjWg7ZZGR0URFaFgbs8kllbM=
+cloud.google.com/go/notebooks v1.11.3 h1:FH48boYmrWVQ6k0Mx/WrnNafXncT5iSYxA8CNyWTgy0=
+cloud.google.com/go/notebooks v1.11.3/go.mod h1:0wQyI2dQC3AZyQqWnRsp+yA+kY4gC7ZIVP4Qg3AQcgo=
+cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4=
+cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs=
+cloud.google.com/go/optimization v1.3.1 h1:dj8O4VOJRB4CUwZXdmwNViH1OtI0WtWL867/lnYH248=
cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI=
cloud.google.com/go/optimization v1.5.0 h1:sGvPVtBJUKNYAwldhJvFmnM+EEdOXjDzjcly3g0n0Xg=
cloud.google.com/go/optimization v1.5.0/go.mod h1:evo1OvTxeBRBu6ydPlrIRizKY/LJKo/drDMMRKqGEUU=
+cloud.google.com/go/optimization v1.6.2 h1:iFsoexcp13cGT3k/Hv8PA5aK+FP7FnbhwDO9llnruas=
+cloud.google.com/go/optimization v1.6.3 h1:63NZaWyN+5rZEKHPX4ACpw3BjgyeuY8+rCehiCMaGPY=
+cloud.google.com/go/optimization v1.6.3/go.mod h1:8ve3svp3W6NFcAEFr4SfJxrldzhUl4VMUJmhrqVKtYA=
+cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA=
+cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk=
+cloud.google.com/go/orchestration v1.6.0 h1:Vw+CEXo8M/FZ1rb4EjcLv0gJqqw89b7+g+C/EmniTb8=
cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ=
cloud.google.com/go/orchestration v1.8.1 h1:KmN18kE/xa1n91cM5jhCh7s1/UfIguSCisw7nTMUzgE=
cloud.google.com/go/orchestration v1.8.1/go.mod h1:4sluRF3wgbYVRqz7zJ1/EUNc90TTprliq9477fGobD8=
+cloud.google.com/go/orchestration v1.8.4 h1:kgwZ2f6qMMYIVBtUGGoU8yjYWwMTHDanLwM/CQCFaoQ=
+cloud.google.com/go/orchestration v1.8.5 h1:YHgWMlrPttIVGItgGfuvO2KM7x+y9ivN/Yk92pMm1a4=
+cloud.google.com/go/orchestration v1.8.5/go.mod h1:C1J7HesE96Ba8/hZ71ISTV2UAat0bwN+pi85ky38Yq8=
+cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE=
+cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc=
+cloud.google.com/go/orgpolicy v1.10.0 h1:XDriMWug7sd0kYT1QKofRpRHzjad0bK8Q8uA9q+XrU4=
cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc=
cloud.google.com/go/orgpolicy v1.11.1 h1:I/7dHICQkNwym9erHqmlb50LRU588NPCvkfIY0Bx9jI=
cloud.google.com/go/orgpolicy v1.11.1/go.mod h1:8+E3jQcpZJQliP+zaFfayC2Pg5bmhuLK755wKhIIUCE=
+cloud.google.com/go/orgpolicy v1.11.4 h1:RWuXQDr9GDYhjmrredQJC7aY7cbyqP9ZuLbq5GJGves=
+cloud.google.com/go/orgpolicy v1.12.1 h1:2JbXigqBJVp8Dx5dONUttFqewu4fP0p3pgOdIZAhpYU=
+cloud.google.com/go/orgpolicy v1.12.1/go.mod h1:aibX78RDl5pcK3jA8ysDQCFkVxLj3aOQqrbBaUL2V5I=
+cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs=
+cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg=
+cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo=
+cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw=
+cloud.google.com/go/osconfig v1.11.0 h1:PkSQx4OHit5xz2bNyr11KGcaFccL5oqglFPdTboyqwQ=
cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw=
cloud.google.com/go/osconfig v1.12.1 h1:dgyEHdfqML6cUW6/MkihNdTVc0INQst0qSE8Ou1ub9c=
cloud.google.com/go/osconfig v1.12.1/go.mod h1:4CjBxND0gswz2gfYRCUoUzCm9zCABp91EeTtWXyz0tE=
+cloud.google.com/go/osconfig v1.12.4 h1:OrRCIYEAbrbXdhm13/JINn9pQchvTTIzgmOCA7uJw8I=
+cloud.google.com/go/osconfig v1.12.5 h1:Mo5jGAxOMKH/PmDY7fgY19yFcVbvwREb5D5zMPQjFfo=
+cloud.google.com/go/osconfig v1.12.5/go.mod h1:D9QFdxzfjgw3h/+ZaAb5NypM8bhOMqBzgmbhzWViiW8=
+cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E=
+cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU=
+cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70=
+cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo=
+cloud.google.com/go/oslogin v1.9.0 h1:whP7vhpmc+ufZa90eVpkfbgzJRK/Xomjz+XCD4aGwWw=
cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs=
cloud.google.com/go/oslogin v1.10.1 h1:LdSuG3xBYu2Sgr3jTUULL1XCl5QBx6xwzGqzoDUw1j0=
cloud.google.com/go/oslogin v1.10.1/go.mod h1:x692z7yAue5nE7CsSnoG0aaMbNoRJRXO4sn73R+ZqAs=
+cloud.google.com/go/oslogin v1.12.2 h1:NP/KgsD9+0r9hmHC5wKye0vJXVwdciv219DtYKYjgqE=
+cloud.google.com/go/oslogin v1.13.1 h1:1K4nOT5VEZNt7XkhaTXupBYos5HjzvJMfhvyD2wWdFs=
+cloud.google.com/go/oslogin v1.13.1/go.mod h1:vS8Sr/jR7QvPWpCjNqy6LYZr5Zs1e8ZGW/KPn9gmhws=
+cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0=
+cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA=
+cloud.google.com/go/phishingprotection v0.7.0 h1:l6tDkT7qAEV49MNEJkEJTB6vOO/onbSOcNtAT09HPuA=
cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk=
cloud.google.com/go/phishingprotection v0.8.1 h1:aK/lNmSd1vtbft/vLe2g7edXK72sIQbqr2QyrZN/iME=
cloud.google.com/go/phishingprotection v0.8.1/go.mod h1:AxonW7GovcA8qdEk13NfHq9hNx5KPtfxXNeUxTDxB6I=
+cloud.google.com/go/phishingprotection v0.8.4 h1:sPLUQkHq6b4AL0czSJZ0jd6vL55GSTHz2B3Md+TCZI0=
+cloud.google.com/go/phishingprotection v0.8.5 h1:DH3WFLzEoJdW/6xgsmoDqOwT1xddFi7gKu0QGZQhpGU=
+cloud.google.com/go/phishingprotection v0.8.5/go.mod h1:g1smd68F7mF1hgQPuYn3z8HDbNre8L6Z0b7XMYFmX7I=
+cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg=
+cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE=
+cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw=
+cloud.google.com/go/policytroubleshooter v1.6.0 h1:yKAGC4p9O61ttZUswaq9GAn1SZnEzTd0vUYXD7ZBT7Y=
cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc=
cloud.google.com/go/policytroubleshooter v1.9.0 h1:pT4qSiL5o0hBSWHDiOcmes/s301PeLLWEhAr/eMQB/g=
cloud.google.com/go/policytroubleshooter v1.9.0/go.mod h1:+E2Lga7TycpeSTj2FsH4oXxTnrbHJGRlKhVZBLGgU64=
+cloud.google.com/go/policytroubleshooter v1.10.2 h1:sq+ScLP83d7GJy9+wpwYJVnY+q6xNTXwOdRIuYjvHT4=
+cloud.google.com/go/policytroubleshooter v1.10.3 h1:c0WOzC6hz964QWNBkyKfna8A2jOIx1zzZa43Gx/P09o=
+cloud.google.com/go/policytroubleshooter v1.10.3/go.mod h1:+ZqG3agHT7WPb4EBIRqUv4OyIwRTZvsVDHZ8GlZaoxk=
+cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0=
+cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI=
+cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg=
+cloud.google.com/go/privatecatalog v0.8.0 h1:EPEJ1DpEGXLDnmc7mnCAqFmkwUJbIsaLAiLHVOkkwtc=
cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs=
cloud.google.com/go/privatecatalog v0.9.1 h1:B/18xGo+E0EMS9LOEQ0zXz7F2asMgmVgTYGSI89MHOA=
cloud.google.com/go/privatecatalog v0.9.1/go.mod h1:0XlDXW2unJXdf9zFz968Hp35gl/bhF4twwpXZAW50JA=
+cloud.google.com/go/privatecatalog v0.9.4 h1:Vo10IpWKbNvc/z/QZPVXgCiwfjpWoZ/wbgful4Uh/4E=
+cloud.google.com/go/privatecatalog v0.9.5 h1:UZ0assTnATXSggoxUIh61RjTQ4P9zCMk/kEMbn0nMYA=
+cloud.google.com/go/privatecatalog v0.9.5/go.mod h1:fVWeBOVe7uj2n3kWRGlUQqR/pOd450J9yZoOECcQqJk=
cloud.google.com/go/pubsub v1.3.1 h1:ukjixP1wl0LpnZ6LWtZJ0mX5tBmjp1f8Sqer8Z2OMUU=
cloud.google.com/go/pubsub v1.5.0/go.mod h1:ZEwJccE3z93Z2HWvstpri00jOg7oO4UZDtKhwDwqF0w=
+cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI=
+cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0=
+cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8=
+cloud.google.com/go/pubsub v1.30.0 h1:vCge8m7aUKBJYOgrZp7EsNDf6QMd2CAlXZqWTn3yq6s=
cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4=
cloud.google.com/go/pubsub v1.33.0 h1:6SPCPvWav64tj0sVX/+npCBKhUi/UjJehy9op/V3p2g=
cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc=
+cloud.google.com/go/pubsub v1.36.1 h1:dfEPuGCHGbWUhaMCTHUFjfroILEkx55iUmKBZTP5f+Y=
+cloud.google.com/go/pubsub v1.36.1/go.mod h1:iYjCa9EzWOoBiTdd4ps7QoMtMln5NwaZQpK1hbRfBDE=
+cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg=
+cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k=
+cloud.google.com/go/pubsublite v1.7.0 h1:cb9fsrtpINtETHiJ3ECeaVzrfIVhcGjhhJEjybHXHao=
cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM=
cloud.google.com/go/pubsublite v1.8.1 h1:pX+idpWMIH30/K7c0epN6V703xpIcMXWRjKJsz0tYGY=
cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0=
+cloud.google.com/go/recaptchaenterprise v1.3.1 h1:u6EznTGzIdsyOsvm+Xkw0aSuKFXQlyjGE9a4exk6iNQ=
cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4=
+cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o=
+cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk=
+cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo=
+cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE=
+cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U=
+cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA=
+cloud.google.com/go/recaptchaenterprise/v2 v2.7.0 h1:6iOCujSNJ0YS7oNymI64hXsjGq60T4FK1zdLugxbzvU=
cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c=
cloud.google.com/go/recaptchaenterprise/v2 v2.7.2 h1:IGkbudobsTXAwmkEYOzPCQPApUCsN4Gbq3ndGVhHQpI=
cloud.google.com/go/recaptchaenterprise/v2 v2.7.2/go.mod h1:kR0KjsJS7Jt1YSyWFkseQ756D45kaYNTlDPPaRAvDBU=
+cloud.google.com/go/recaptchaenterprise/v2 v2.8.3 h1:UaV9C58snc5IsRQ6NN65jmRGnTdPT7mYZzK4Vbun+ik=
+cloud.google.com/go/recaptchaenterprise/v2 v2.8.3/go.mod h1:Dak54rw6lC2gBY8FBznpOCAR58wKf+R+ZSJRoeJok4w=
+cloud.google.com/go/recaptchaenterprise/v2 v2.8.4 h1:KOlLHLv3h3HwcZAkx91ubM3Oztz3JtT3ZacAJhWDorQ=
+cloud.google.com/go/recaptchaenterprise/v2 v2.9.2 h1:U3Wfq12X9cVMuTpsWDSURnXF0Z9hSPTHj+xsnXDRLsw=
+cloud.google.com/go/recaptchaenterprise/v2 v2.9.2/go.mod h1:trwwGkfhCmp05Ll5MSJPXY7yvnO0p4v3orGANAFHAuU=
+cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg=
+cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4=
+cloud.google.com/go/recommendationengine v0.7.0 h1:VibRFCwWXrFebEWKHfZAt2kta6pS7Tlimsnms0fjv7k=
cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac=
cloud.google.com/go/recommendationengine v0.8.1 h1:nMr1OEVHuDambRn+/y4RmNAmnR/pXCuHtH0Y4tCgGRQ=
cloud.google.com/go/recommendationengine v0.8.1/go.mod h1:MrZihWwtFYWDzE6Hz5nKcNz3gLizXVIDI/o3G1DLcrE=
+cloud.google.com/go/recommendationengine v0.8.4 h1:JRiwe4hvu3auuh2hujiTc2qNgPPfVp+Q8KOpsXlEzKQ=
+cloud.google.com/go/recommendationengine v0.8.5 h1:ineqLswaCSBY0csYv5/wuXJMBlxATK6Xc5jJkpiTEdM=
+cloud.google.com/go/recommendationengine v0.8.5/go.mod h1:A38rIXHGFvoPvmy6pZLozr0g59NRNREz4cx7F58HAsQ=
+cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg=
+cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c=
+cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs=
+cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70=
+cloud.google.com/go/recommender v1.9.0 h1:ZnFRY5R6zOVk2IDS1Jbv5Bw+DExCI5rFumsTnMXiu/A=
cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ=
cloud.google.com/go/recommender v1.11.0 h1:SuzbMJhDAiPro7tR9QP7EX97+TI31urjsIgNh9XQHl8=
cloud.google.com/go/recommender v1.11.0/go.mod h1:kPiRQhPyTJ9kyXPCG6u/dlPLbYfFlkwHNRwdzPVAoII=
+cloud.google.com/go/recommender v1.11.3 h1:VndmgyS/J3+izR8V8BHa7HV/uun8//ivQ3k5eVKKyyM=
+cloud.google.com/go/recommender v1.12.1 h1:LVLYS3r3u0MSCxQSDUtLSkporEGi9OAE6hGvayrZNPs=
+cloud.google.com/go/recommender v1.12.1/go.mod h1:gf95SInWNND5aPas3yjwl0I572dtudMhMIG4ni8nr+0=
+cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y=
+cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A=
+cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA=
+cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM=
+cloud.google.com/go/redis v1.11.0 h1:JoAd3SkeDt3rLFAAxEvw6wV4t+8y4ZzfZcZmddqphQ8=
cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ=
cloud.google.com/go/redis v1.13.1 h1:YrjQnCC7ydk+k30op7DSjSHw1yAYhqYXFcOq1bSXRYA=
cloud.google.com/go/redis v1.13.1/go.mod h1:VP7DGLpE91M6bcsDdMuyCm2hIpB6Vp2hI090Mfd1tcg=
+cloud.google.com/go/redis v1.14.1 h1:J9cEHxG9YLmA9o4jTSvWt/RuVEn6MTrPlYSCRHujxDQ=
+cloud.google.com/go/redis v1.14.2 h1:QF0maEdVv0Fj/2roU8sX3NpiDBzP9ICYTO+5F32gQNo=
+cloud.google.com/go/redis v1.14.2/go.mod h1:g0Lu7RRRz46ENdFKQ2EcQZBAJ2PtJHJLuiiRuEXwyQw=
+cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA=
+cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0=
+cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots=
+cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo=
+cloud.google.com/go/resourcemanager v1.7.0 h1:NRM0p+RJkaQF9Ee9JMnUV9BQ2QBIOq/v8M+Pbv/wmCs=
cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI=
cloud.google.com/go/resourcemanager v1.9.1 h1:QIAMfndPOHR6yTmMUB0ZN+HSeRmPjR/21Smq5/xwghI=
cloud.google.com/go/resourcemanager v1.9.1/go.mod h1:dVCuosgrh1tINZ/RwBufr8lULmWGOkPS8gL5gqyjdT8=
+cloud.google.com/go/resourcemanager v1.9.4 h1:JwZ7Ggle54XQ/FVYSBrMLOQIKoIT/uer8mmNvNLK51k=
+cloud.google.com/go/resourcemanager v1.9.5 h1:AZWr1vWVDKGwfLsVhcN+vcwOz3xqqYxtmMa0aABCMms=
+cloud.google.com/go/resourcemanager v1.9.5/go.mod h1:hep6KjelHA+ToEjOfO3garMKi/CLYwTqeAw7YiEI9x8=
+cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU=
+cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg=
+cloud.google.com/go/resourcesettings v1.5.0 h1:8Dua37kQt27CCWHm4h/Q1XqCF6ByD7Ouu49xg95qJzI=
cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA=
cloud.google.com/go/resourcesettings v1.6.1 h1:Fdyq418U69LhvNPFdlEO29w+DRRjwDA4/pFamm4ksAg=
cloud.google.com/go/resourcesettings v1.6.1/go.mod h1:M7mk9PIZrC5Fgsu1kZJci6mpgN8o0IUzVx3eJU3y4Jw=
+cloud.google.com/go/resourcesettings v1.6.4 h1:yTIL2CsZswmMfFyx2Ic77oLVzfBFoWBYgpkgiSPnC4Y=
+cloud.google.com/go/resourcesettings v1.6.5 h1:BTr5MVykJwClASci/7Og4Qfx70aQ4n3epsNLj94ZYgw=
+cloud.google.com/go/resourcesettings v1.6.5/go.mod h1:WBOIWZraXZOGAgoR4ukNj0o0HiSMO62H9RpFi9WjP9I=
+cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4=
+cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY=
+cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc=
+cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y=
+cloud.google.com/go/retail v1.12.0 h1:1Dda2OpFNzIb4qWgFZjYlpP7sxX3aLeypKG6A3H4Yys=
cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14=
cloud.google.com/go/retail v1.14.1 h1:gYBrb9u/Hc5s5lUTFXX1Vsbc/9BEvgtioY6ZKaK0DK8=
cloud.google.com/go/retail v1.14.1/go.mod h1:y3Wv3Vr2k54dLNIrCzenyKG8g8dhvhncT2NcNjb/6gE=
+cloud.google.com/go/retail v1.14.4 h1:geqdX1FNqqL2p0ADXjPpw8lq986iv5GrVcieTYafuJQ=
+cloud.google.com/go/retail v1.15.1/go.mod h1:In9nSBOYhLbDGa87QvWlnE1XA14xBN2FpQRiRsUs9wU=
+cloud.google.com/go/retail v1.16.0 h1:Fn1GuAua1c6crCGqfJ1qMxG1Xh10Tg/x5EUODEHMqkw=
+cloud.google.com/go/retail v1.16.0/go.mod h1:LW7tllVveZo4ReWt68VnldZFWJRzsh9np+01J9dYWzE=
+cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do=
+cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo=
+cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM=
+cloud.google.com/go/run v0.9.0 h1:ydJQo+k+MShYnBfhaRHSZYeD/SQKZzZLAROyfpeD9zw=
cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg=
cloud.google.com/go/run v1.2.0 h1:kHeIG8q+N6Zv0nDkBjSOYfK2eWqa5FnaiDPH/7/HirE=
cloud.google.com/go/run v1.2.0/go.mod h1:36V1IlDzQ0XxbQjUx6IYbw8H3TJnWvhii963WW3B/bo=
+cloud.google.com/go/run v1.3.3 h1:qdfZteAm+vgzN1iXzILo3nJFQbzziudkJrvd9wCf3FQ=
+cloud.google.com/go/run v1.3.4 h1:m9WDA7DzTpczhZggwYlZcBWgCRb+kgSIisWn1sbw2rQ=
+cloud.google.com/go/run v1.3.4/go.mod h1:FGieuZvQ3tj1e9GnzXqrMABSuir38AJg5xhiYq+SF3o=
+cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s=
+cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI=
+cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk=
+cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44=
+cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc=
+cloud.google.com/go/scheduler v1.9.0 h1:NpQAHtx3sulByTLe2dMwWmah8PWgeoieFPpJpArwFV0=
cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc=
cloud.google.com/go/scheduler v1.10.1 h1:yoZbZR8880KgPGLmACOMCiY2tPk+iX4V/dkxqTirlz8=
cloud.google.com/go/scheduler v1.10.1/go.mod h1:R63Ldltd47Bs4gnhQkmNDse5w8gBRrhObZ54PxgR2Oo=
+cloud.google.com/go/scheduler v1.10.4 h1:LXm6L6IYW3Fy8lxU7kvT7r6JiW/noxn2gItJmsvwzV4=
+cloud.google.com/go/scheduler v1.10.4/go.mod h1:MTuXcrJC9tqOHhixdbHDFSIuh7xZF2IysiINDuiq6NI=
+cloud.google.com/go/scheduler v1.10.5 h1:eMEettHlFhG5pXsoHouIM5nRT+k+zU4+GUvRtnxhuVI=
+cloud.google.com/go/scheduler v1.10.6 h1:5U8iXLoQ03qOB+ZXlAecU7fiE33+u3QiM9nh4cd0eTE=
+cloud.google.com/go/scheduler v1.10.6/go.mod h1:pe2pNCtJ+R01E06XCDOJs1XvAMbv28ZsQEbqknxGOuE=
+cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA=
+cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4=
+cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4=
+cloud.google.com/go/secretmanager v1.10.0 h1:pu03bha7ukxF8otyPKTFdDz+rr9sE3YauS5PliDXK60=
cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU=
cloud.google.com/go/secretmanager v1.11.1 h1:cLTCwAjFh9fKvU6F13Y4L9vPcx9yiWPyWXE4+zkuEQs=
cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw=
+cloud.google.com/go/secretmanager v1.11.4 h1:krnX9qpG2kR2fJ+u+uNyNo+ACVhplIAS4Pu7u+4gd+k=
+cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHwKXUEAfYY=
+cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4=
+cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4=
+cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0=
+cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU=
+cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q=
+cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA=
+cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8=
+cloud.google.com/go/security v1.13.0 h1:PYvDxopRQBfYAXKAuDpFCKBvDOWPWzp9k/H5nB3ud3o=
cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0=
cloud.google.com/go/security v1.15.1 h1:jR3itwycg/TgGA0uIgTItcVhA55hKWiNJxaNNpQJaZE=
cloud.google.com/go/security v1.15.1/go.mod h1:MvTnnbsWnehoizHi09zoiZob0iCHVcL4AUBj76h9fXA=
+cloud.google.com/go/security v1.15.4 h1:sdnh4Islb1ljaNhpIXlIPgb3eYj70QWgPVDKOUYvzJc=
+cloud.google.com/go/security v1.15.5 h1:wTKJQ10j8EYgvE8Y+KhovxDRVDk2iv/OsxZ6GrLP3kE=
+cloud.google.com/go/security v1.15.5/go.mod h1:KS6X2eG3ynWjqcIX976fuToN5juVkF6Ra6c7MPnldtc=
+cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU=
+cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc=
+cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk=
+cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk=
+cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0=
+cloud.google.com/go/securitycenter v1.19.0 h1:AF3c2s3awNTMoBtMX3oCUoOMmGlYxGOeuXSYHNBkf14=
cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag=
cloud.google.com/go/securitycenter v1.23.0 h1:XOGJ9OpnDtqg8izd7gYk/XUhj8ytjIalyjjsR6oyG0M=
cloud.google.com/go/securitycenter v1.23.0/go.mod h1:8pwQ4n+Y9WCWM278R8W3nF65QtY172h4S8aXyI9/hsQ=
+cloud.google.com/go/securitycenter v1.24.2 h1:qCEyXoJoxNKKA1bDywBjjqCB7ODXazzHnVWnG5Uqd1M=
+cloud.google.com/go/securitycenter v1.24.4 h1:/5jjkZ+uGe8hZ7pvd7pO30VW/a+pT2MrrdgOqjyucKQ=
+cloud.google.com/go/securitycenter v1.24.4/go.mod h1:PSccin+o1EMYKcFQzz9HMMnZ2r9+7jbc+LvPjXhpwcU=
+cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU=
+cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s=
+cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA=
+cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc=
cloud.google.com/go/servicecontrol v1.11.1 h1:d0uV7Qegtfaa7Z2ClDzr9HJmnbJW7jn0WhZ7wOX6hLE=
cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk=
+cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs=
+cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg=
+cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4=
+cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U=
+cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY=
+cloud.google.com/go/servicedirectory v1.9.0 h1:SJwk0XX2e26o25ObYUORXx6torSFiYgsGkWSkZgkoSU=
cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s=
cloud.google.com/go/servicedirectory v1.11.0 h1:pBWpjCFVGWkzVTkqN3TBBIqNSoSHY86/6RL0soSQ4z8=
cloud.google.com/go/servicedirectory v1.11.0/go.mod h1:Xv0YVH8s4pVOwfM/1eMTl0XJ6bzIOSLDt8f8eLaGOxQ=
+cloud.google.com/go/servicedirectory v1.11.3 h1:5niCMfkw+jifmFtbBrtRedbXkJm3fubSR/KHbxSJZVM=
+cloud.google.com/go/servicedirectory v1.11.4 h1:da7HFI1229kyzIyuVEzHXip0cw0d+E0s8mjQby0WN+k=
+cloud.google.com/go/servicedirectory v1.11.4/go.mod h1:Bz2T9t+/Ehg6x+Y7Ycq5xiShYLD96NfEsWNHyitj1qM=
+cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco=
+cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo=
+cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc=
cloud.google.com/go/servicemanagement v1.8.0 h1:fopAQI/IAzlxnVeiKn/8WiV6zKndjFkvi+gzu+NjywY=
cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4=
+cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E=
+cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU=
+cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec=
cloud.google.com/go/serviceusage v1.6.0 h1:rXyq+0+RSIm3HFypctp7WoXxIA563rn206CfMWdqXX4=
cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA=
+cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4=
+cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw=
+cloud.google.com/go/shell v1.6.0 h1:wT0Uw7ib7+AgZST9eCDygwTJn4+bHMDtZo5fh7kGWDU=
cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A=
cloud.google.com/go/shell v1.7.1 h1:aHbwH9LSqs4r2rbay9f6fKEls61TAjT63jSyglsw7sI=
cloud.google.com/go/shell v1.7.1/go.mod h1:u1RaM+huXFaTojTbW4g9P5emOrrmLE69KrxqQahKn4g=
+cloud.google.com/go/shell v1.7.4 h1:nurhlJcSVFZneoRZgkBEHumTYf/kFJptCK2eBUq/88M=
+cloud.google.com/go/shell v1.7.5 h1:3Fq2hzO0ZSyaqBboJrFkwwf/qMufDtqwwA6ep8EZxEI=
+cloud.google.com/go/shell v1.7.5/go.mod h1:hL2++7F47/IfpfTO53KYf1EC+F56k3ThfNEXd4zcuiE=
cloud.google.com/go/spanner v1.7.0/go.mod h1:sd3K2gZ9Fd0vMPLXzeCrF6fq4i63Q7aTLW/lBIfBkIk=
+cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos=
+cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk=
+cloud.google.com/go/spanner v1.45.0 h1:7VdjZ8zj4sHbDw55atp5dfY6kn1j9sam9DRNpPQhqR4=
cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M=
cloud.google.com/go/spanner v1.49.0 h1:+HY8C4uztU7XyLz3xMi/LCXdetLEOExhvRFJu2NiVXM=
cloud.google.com/go/spanner v1.49.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM=
+cloud.google.com/go/spanner v1.51.0 h1:l3exhhsVMKsx1E7Xd1QajYSvHmI1KZoWPW5tRxIIdvQ=
+cloud.google.com/go/spanner v1.51.0/go.mod h1:c5KNo5LQ1X5tJwma9rSQZsXNBDNvj4/n8BVc3LNahq0=
+cloud.google.com/go/spanner v1.53.0 h1:/NzWQJ1MEhdRcffiutRKbW/AIGVKhcTeivWTDjEyCCo=
+cloud.google.com/go/spanner v1.56.0 h1:o/Cv7/zZ1WgRXVCd5g3Nc23ZI39p/1pWFqFwvg6Wcu8=
+cloud.google.com/go/spanner v1.56.0/go.mod h1:DndqtUKQAt3VLuV2Le+9Y3WTnq5cNKrnLb/Piqcj+h0=
+cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM=
+cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ=
+cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0=
+cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco=
+cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0=
+cloud.google.com/go/speech v1.15.0 h1:JEVoWGNnTF128kNty7T4aG4eqv2z86yiMJPT9Zjp+iw=
cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI=
cloud.google.com/go/speech v1.19.0 h1:MCagaq8ObV2tr1kZJcJYgXYbIn8Ai5rp42tyGYw9rls=
cloud.google.com/go/speech v1.19.0/go.mod h1:8rVNzU43tQvxDaGvqOhpDqgkJTFowBpDvCJ14kGlJYo=
+cloud.google.com/go/speech v1.20.1 h1:OpJ666ao7XxXewGSAkDUJnW188tJ5hNPoM7pZB+Q730=
+cloud.google.com/go/speech v1.20.1/go.mod h1:wwolycgONvfz2EDU8rKuHRW3+wc9ILPsAWoikBEWavY=
+cloud.google.com/go/speech v1.21.0 h1:qkxNao58oF8ghAHE1Eghen7XepawYEN5zuZXYWaUTA4=
+cloud.google.com/go/speech v1.21.1 h1:nuFc+Kj5B8de75nN4FdPyUbI2SiBoHZG6BLurXL56Q0=
+cloud.google.com/go/speech v1.21.1/go.mod h1:E5GHZXYQlkqWQwY5xRSLHw2ci5NMQNG52FfMU1aZrIA=
cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
cloud.google.com/go/storage v1.18.2 h1:5NQw6tOn3eMm0oE8vTkfjau18kjL79FlMjy/CHTpmoY=
cloud.google.com/go/storage v1.18.2/go.mod h1:AiIj7BWXyhO5gGVmYJ+S8tbkCx3yb0IMjua8Aw4naVM=
+cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
+cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc=
+cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
+cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y=
+cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI=
cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4=
cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM=
cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E=
+cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M=
+cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8=
+cloud.google.com/go/storage v1.36.0/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8=
+cloud.google.com/go/storage v1.38.0 h1:Az68ZRGlnNTpIBbLjSMIV2BDcwwXYlRlQzis0llkpJg=
+cloud.google.com/go/storage v1.38.0/go.mod h1:tlUADB0mAb9BgYls9lq+8MGkfzOXuLrnHXlpHmvFJoY=
+cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w=
+cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I=
+cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4=
+cloud.google.com/go/storagetransfer v1.8.0 h1:5T+PM+3ECU3EY2y9Brv0Sf3oka8pKmsCfpQ07+91G9o=
cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw=
cloud.google.com/go/storagetransfer v1.10.0 h1:+ZLkeXx0K0Pk5XdDmG0MnUVqIR18lllsihU/yq39I8Q=
cloud.google.com/go/storagetransfer v1.10.0/go.mod h1:DM4sTlSmGiNczmV6iZyceIh2dbs+7z2Ayg6YAiQlYfA=
+cloud.google.com/go/storagetransfer v1.10.3 h1:YM1dnj5gLjfL6aDldO2s4GeU8JoAvH1xyIwXre63KmI=
+cloud.google.com/go/storagetransfer v1.10.4 h1:dy4fL3wO0VABvzM05ycMUPFHxTPbJz9Em8ikAJVqSbI=
+cloud.google.com/go/storagetransfer v1.10.4/go.mod h1:vef30rZKu5HSEf/x1tK3WfWrL0XVoUQN/EPDRGPzjZs=
+cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw=
+cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g=
+cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM=
+cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA=
+cloud.google.com/go/talent v1.5.0 h1:nI9sVZPjMKiO2q3Uu0KhTDVov3Xrlpt63fghP9XjyEM=
cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c=
cloud.google.com/go/talent v1.6.2 h1:j46ZgD6N2YdpFPux9mc7OAf4YK3tiBCsbLKc8rQx+bU=
cloud.google.com/go/talent v1.6.2/go.mod h1:CbGvmKCG61mkdjcqTcLOkb2ZN1SrQI8MDyma2l7VD24=
+cloud.google.com/go/talent v1.6.5 h1:LnRJhhYkODDBoTwf6BeYkiJHFw9k+1mAFNyArwZUZAs=
+cloud.google.com/go/talent v1.6.6 h1:JssV0CE3FNujuSWn7SkosOzg7qrMxVnt6txOfGcMSa4=
+cloud.google.com/go/talent v1.6.6/go.mod h1:y/WQDKrhVz12WagoarpAIyKKMeKGKHWPoReZ0g8tseQ=
+cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8=
+cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4=
+cloud.google.com/go/texttospeech v1.6.0 h1:H4g1ULStsbVtalbZGktyzXzw6jP26RjVGYx9RaYjBzc=
cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc=
cloud.google.com/go/texttospeech v1.7.1 h1:S/pR/GZT9p15R7Y2dk2OXD/3AufTct/NSxT4a7nxByw=
cloud.google.com/go/texttospeech v1.7.1/go.mod h1:m7QfG5IXxeneGqTapXNxv2ItxP/FS0hCZBwXYqucgSk=
+cloud.google.com/go/texttospeech v1.7.4 h1:ahrzTgr7uAbvebuhkBAAVU6kRwVD0HWsmDsvMhtad5Q=
+cloud.google.com/go/texttospeech v1.7.5 h1:dxY2Q5mHCbrGa3oPR2O3PCicdnvKa1JmwGQK36EFLOw=
+cloud.google.com/go/texttospeech v1.7.5/go.mod h1:tzpCuNWPwrNJnEa4Pu5taALuZL4QRRLcb+K9pbhXT6M=
+cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ=
+cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg=
+cloud.google.com/go/tpu v1.5.0 h1:/34T6CbSi+kTv5E19Q9zbU/ix8IviInZpzwz3rsFE+A=
cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM=
cloud.google.com/go/tpu v1.6.1 h1:kQf1jgPY04UJBYYjNUO+3GrZtIb57MfGAW2bwgLbR3A=
cloud.google.com/go/tpu v1.6.1/go.mod h1:sOdcHVIgDEEOKuqUoi6Fq53MKHJAtOwtz0GuKsWSH3E=
+cloud.google.com/go/tpu v1.6.4 h1:XIEH5c0WeYGaVy9H+UueiTaf3NI6XNdB4/v6TFQJxtE=
+cloud.google.com/go/tpu v1.6.5 h1:C8YyYda8WtNdBoCgFwwBzZd+S6+EScHOxM/z1h0NNp8=
+cloud.google.com/go/tpu v1.6.5/go.mod h1:P9DFOEBIBhuEcZhXi+wPoVy/cji+0ICFi4TtTkMHSSs=
+cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28=
+cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y=
+cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA=
+cloud.google.com/go/trace v1.9.0 h1:olxC0QHC59zgJVALtgqfD9tGk0lfeCP5/AGXL3Px/no=
cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk=
cloud.google.com/go/trace v1.10.1 h1:EwGdOLCNfYOOPtgqo+D2sDLZmRCEO1AagRTJCU6ztdg=
cloud.google.com/go/trace v1.10.1/go.mod h1:gbtL94KE5AJLH3y+WVpfWILmqgc6dXcqgNXdOPAQTYk=
+cloud.google.com/go/trace v1.10.4 h1:2qOAuAzNezwW3QN+t41BtkDJOG42HywL73q8x/f6fnM=
+cloud.google.com/go/trace v1.10.5 h1:0pr4lIKJ5XZFYD9GtxXEWr0KkVeigc3wlGpZco0X1oA=
+cloud.google.com/go/trace v1.10.5/go.mod h1:9hjCV1nGBCtXbAE4YK7OqJ8pmPYSxPA0I67JwRd5s3M=
+cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs=
+cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg=
+cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0=
+cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos=
+cloud.google.com/go/translate v1.7.0 h1:GvLP4oQ4uPdChBmBaUSa/SaZxCdyWELtlAaKzpHsXdA=
cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos=
cloud.google.com/go/translate v1.9.0 h1:0na4gC54Lu05ir00dmUSuMkLAojDe1ALq4hBTUkhwjE=
cloud.google.com/go/translate v1.9.0/go.mod h1:d1ZH5aaOA0CNhWeXeC8ujd4tdCFw8XoNWRljklu5RHs=
+cloud.google.com/go/translate v1.9.3 h1:t5WXTqlrk8VVJu/i3WrYQACjzYJiff5szARHiyqqPzI=
+cloud.google.com/go/translate v1.10.1 h1:upovZ0wRMdzZvXnu+RPam41B0mRJ+coRXFP2cYFJ7ew=
+cloud.google.com/go/translate v1.10.1/go.mod h1:adGZcQNom/3ogU65N9UXHOnnSvjPwA/jKQUMnsYXOyk=
+cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk=
+cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw=
+cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg=
+cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk=
+cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ=
+cloud.google.com/go/video v1.15.0 h1:upIbnGI0ZgACm58HPjAeBMleW3sl5cT84AbYQ8PWOgM=
cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ=
cloud.google.com/go/video v1.20.0 h1:AkjXyJfQ7DtPyDOAbTMeiGcuKsO8/iKSb3fAmTUHYSg=
cloud.google.com/go/video v1.20.0/go.mod h1:U3G3FTnsvAGqglq9LxgqzOiBc/Nt8zis8S+850N2DUM=
+cloud.google.com/go/video v1.20.3 h1:Xrpbm2S9UFQ1pZEeJt9Vqm5t2T/z9y/M3rNXhFoo8Is=
+cloud.google.com/go/video v1.20.4 h1:TXwotxkShP1OqgKsbd+b8N5hrIHavSyLGvYnLGCZ7xc=
+cloud.google.com/go/video v1.20.4/go.mod h1:LyUVjyW+Bwj7dh3UJnUGZfyqjEto9DnrvTe1f/+QrW0=
+cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU=
+cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4=
+cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M=
+cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU=
+cloud.google.com/go/videointelligence v1.10.0 h1:Uh5BdoET8XXqXX2uXIahGb+wTKbLkGH7s4GXR58RrG8=
cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU=
cloud.google.com/go/videointelligence v1.11.1 h1:MBMWnkQ78GQnRz5lfdTAbBq/8QMCF3wahgtHh3s/J+k=
cloud.google.com/go/videointelligence v1.11.1/go.mod h1:76xn/8InyQHarjTWsBR058SmlPCwQjgcvoW0aZykOvo=
+cloud.google.com/go/videointelligence v1.11.4 h1:YS4j7lY0zxYyneTFXjBJUj2r4CFe/UoIi/PJG0Zt/Rg=
+cloud.google.com/go/videointelligence v1.11.5 h1:mYaWH8uhUCXLJCN3gdXswKzRa2+lK0zN6/KsIubm6pE=
+cloud.google.com/go/videointelligence v1.11.5/go.mod h1:/PkeQjpRponmOerPeJxNPuxvi12HlW7Em0lJO14FC3I=
+cloud.google.com/go/vision v1.2.0 h1:/CsSTkbmO9HC8iQpxbK8ATms3OQaX3YQUeTMGCxlaK4=
cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0=
+cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo=
+cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo=
+cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY=
+cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E=
+cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY=
+cloud.google.com/go/vision/v2 v2.7.0 h1:8C8RXUJoflCI4yVdqhTy9tRyygSHmp60aP363z23HKg=
cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0=
cloud.google.com/go/vision/v2 v2.7.2 h1:ccK6/YgPfGHR/CyESz1mvIbsht5Y2xRsWCPqmTNydEw=
cloud.google.com/go/vision/v2 v2.7.2/go.mod h1:jKa8oSYBWhYiXarHPvP4USxYANYUEdEsQrloLjrSwJU=
+cloud.google.com/go/vision/v2 v2.7.5 h1:T/ujUghvEaTb+YnFY/jiYwVAkMbIC8EieK0CJo6B4vg=
+cloud.google.com/go/vision/v2 v2.7.6/go.mod h1:ZkvWTVNPBU3YZYzgF9Y1jwEbD1NBOCyJn0KFdQfE6Bw=
+cloud.google.com/go/vision/v2 v2.8.0 h1:W52z1b6LdGI66MVhE70g/NFty9zCYYcjdKuycqmlhtg=
+cloud.google.com/go/vision/v2 v2.8.0/go.mod h1:ocqDiA2j97pvgogdyhoxiQp2ZkDCyr0HWpicywGGRhU=
+cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE=
+cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g=
+cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc=
+cloud.google.com/go/vmmigration v1.6.0 h1:Azs5WKtfOC8pxvkyrDvt7J0/4DYBch0cVbuFfCCFt5k=
cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY=
cloud.google.com/go/vmmigration v1.7.1 h1:gnjIclgqbEMc+cF5IJuPxp53wjBIlqZ8h9hE8Rkwp7A=
cloud.google.com/go/vmmigration v1.7.1/go.mod h1:WD+5z7a/IpZ5bKK//YmT9E047AD+rjycCAvyMxGJbro=
+cloud.google.com/go/vmmigration v1.7.4 h1:qPNdab4aGgtaRX+51jCOtJxlJp6P26qua4o1xxUDjpc=
+cloud.google.com/go/vmmigration v1.7.5 h1:5v9RT2vWyuw3pK2ox0HQpkoftO7Q7/8591dTxxQc79g=
+cloud.google.com/go/vmmigration v1.7.5/go.mod h1:pkvO6huVnVWzkFioxSghZxIGcsstDvYiVCxQ9ZH3eYI=
+cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208=
+cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8=
+cloud.google.com/go/vmwareengine v0.3.0 h1:b0NBu7S294l0gmtrT0nOJneMYgZapr5x9tVWvgDoVEM=
cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY=
cloud.google.com/go/vmwareengine v1.0.0 h1:qsJ0CPlOQu/3MFBGklu752v3AkD+Pdu091UmXJ+EjTA=
cloud.google.com/go/vmwareengine v1.0.0/go.mod h1:Px64x+BvjPZwWuc4HdmVhoygcXqEkGHXoa7uyfTgSI0=
+cloud.google.com/go/vmwareengine v1.0.3 h1:WY526PqM6QNmFHSqe2sRfK6gRpzWjmL98UFkql2+JDM=
+cloud.google.com/go/vmwareengine v1.1.1 h1:EGdDi9QbqThfZq3ILcDK5g+m9jTevc34AY5tACx5v7k=
+cloud.google.com/go/vmwareengine v1.1.1/go.mod h1:nMpdsIVkUrSaX8UvmnBhzVzG7PPvNYc5BszcvIVudYs=
+cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w=
+cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8=
+cloud.google.com/go/vpcaccess v1.6.0 h1:FOe6CuiQD3BhHJWt7E8QlbBcaIzVRddupwJlp7eqmn4=
cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes=
cloud.google.com/go/vpcaccess v1.7.1 h1:ram0GzjNWElmbxXMIzeOZUkQ9J8ZAahD6V8ilPGqX0Y=
cloud.google.com/go/vpcaccess v1.7.1/go.mod h1:FogoD46/ZU+JUBX9D606X21EnxiszYi2tArQwLY4SXs=
+cloud.google.com/go/vpcaccess v1.7.4 h1:zbs3V+9ux45KYq8lxxn/wgXole6SlBHHKKyZhNJoS+8=
+cloud.google.com/go/vpcaccess v1.7.5 h1:XyL6hTLtEM/eE4F1GEge8xUN9ZCkiVWn44K/YA7z1rQ=
+cloud.google.com/go/vpcaccess v1.7.5/go.mod h1:slc5ZRvvjP78c2dnL7m4l4R9GwL3wDLcpIWz6P/ziig=
+cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE=
+cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg=
+cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc=
+cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A=
+cloud.google.com/go/webrisk v1.8.0 h1:IY+L2+UwxcVm2zayMAtBhZleecdIFLiC+QJMzgb0kT0=
cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg=
cloud.google.com/go/webrisk v1.9.1 h1:Ssy3MkOMOnyRV5H2bkMQ13Umv7CwB/kugo3qkAX83Fk=
cloud.google.com/go/webrisk v1.9.1/go.mod h1:4GCmXKcOa2BZcZPn6DCEvE7HypmEJcJkr4mtM+sqYPc=
+cloud.google.com/go/webrisk v1.9.4 h1:iceR3k0BCRZgf2D/NiKviVMFfuNC9LmeNLtxUFRB/wI=
+cloud.google.com/go/webrisk v1.9.5 h1:251MvGuC8wisNN7+jqu9DDDZAi38KiMXxOpA/EWy4dE=
+cloud.google.com/go/webrisk v1.9.5/go.mod h1:aako0Fzep1Q714cPEM5E+mtYX8/jsfegAuS8aivxy3U=
+cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo=
+cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ=
+cloud.google.com/go/websecurityscanner v1.5.0 h1:AHC1xmaNMOZtNqxI9Rmm87IJEyPaRkOxeI0gpAacXGk=
cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng=
cloud.google.com/go/websecurityscanner v1.6.1 h1:CfEF/vZ+xXyAR3zC9iaC/QRdf1MEgS20r5UR17Q4gOg=
cloud.google.com/go/websecurityscanner v1.6.1/go.mod h1:Njgaw3rttgRHXzwCB8kgCYqv5/rGpFCsBOvPbYgszpg=
+cloud.google.com/go/websecurityscanner v1.6.4 h1:5Gp7h5j7jywxLUp6NTpjNPkgZb3ngl0tUSw6ICWvtJQ=
+cloud.google.com/go/websecurityscanner v1.6.5 h1:YqWZrZYabG88TZt7364XWRJGhxmxhony2ZUyZEYMF2k=
+cloud.google.com/go/websecurityscanner v1.6.5/go.mod h1:QR+DWaxAz2pWooylsBF854/Ijvuoa3FCyS1zBa1rAVQ=
+cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0=
+cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M=
+cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M=
+cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA=
+cloud.google.com/go/workflows v1.10.0 h1:FfGp9w0cYnaKZJhUOMqCOJCYT/WlvYBfTQhFWV3sRKI=
cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw=
cloud.google.com/go/workflows v1.12.0 h1:cSUlx4PVV9O0vYCl+pHAUmu0996A7eN602d4wjjVHRs=
cloud.google.com/go/workflows v1.12.0/go.mod h1:PYhSk2b6DhZ508tj8HXKaBh+OFe+xdl0dHF/tJdzPQM=
+cloud.google.com/go/workflows v1.12.3 h1:qocsqETmLAl34mSa01hKZjcqAvt699gaoFbooGGMvaM=
+cloud.google.com/go/workflows v1.12.4 h1:uHNmUiatTbPQ4H1pabwfzpfEYD4BBnqDHqMm2IesOh4=
+cloud.google.com/go/workflows v1.12.4/go.mod h1:yQ7HUqOkdJK4duVtMeBCAOPiN1ZF1E9pAMX51vpwB/w=
contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
contrib.go.opencensus.io/exporter/zipkin v0.1.2 h1:YqE293IZrKtqPnpwDPH/lOqTWD/s3Iwabycam74JV3g=
+contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj3gsxcuytSqtH0dxSWW1RE=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9 h1:VpgP7xuJadIUuKccphEpTJnWhS2jkQyMt6Y7pJCD7fY=
+gioui.org v0.0.0-20210308172011-57750fc8a0a6 h1:K72hopUosKG3ntOPNG4OzzbuhxGuVf06fa2la1/H/Ho=
+gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
+git.sr.ht/~sbinet/gg v0.3.1 h1:LNhjNn8DerC8f9DHLz6lS0YYul/b602DUxDgGkd/Aik=
+git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
github.com/Antonboom/errname v0.1.5/go.mod h1:DugbBstvPFQbv/5uLcRRzfrNqKE9tVdVCqWCLp6Cifo=
github.com/Antonboom/nilnil v0.1.0/go.mod h1:PhHLvRPSghY5Y7mX4TW+BHZQYo1A8flE5H20D3IPZBo=
github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -433,6 +1363,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9Orh
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
+github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
github.com/Azure/go-autorest/autorest v0.11.8/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
@@ -456,6 +1387,9 @@ github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWV
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
+github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
+github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
@@ -466,6 +1400,7 @@ github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYX
github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
+github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
@@ -476,6 +1411,8 @@ github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5H
github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ=
github.com/IBM/sarama v1.40.1 h1:lL01NNg/iBeigUbT+wpPysuTYW6roHo6kc1QrffRf0k=
github.com/IBM/sarama v1.40.1/go.mod h1:+5OFwA5Du9I6QrznhaMHsuwWdWZNMjaBSIxEWEgKOYE=
+github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c h1:RGWPOewvKIROun94nF7v2cua9qP+thov/7M50KEoeSU=
+github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU=
github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg=
github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
@@ -503,6 +1440,7 @@ github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01
github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
+github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
github.com/OpenPeeDeeP/depguard v1.0.0 h1:k9QF73nrHT3nPLz3lu6G5s+3Hi8Je36ODr1F5gjAXXM=
@@ -510,6 +1448,7 @@ github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmU
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
+github.com/Shopify/sarama v1.19.0 h1:9oksLxC6uxVPHPVYUmq6xhr1BOF/hHobWH2UzO67z1s=
github.com/Shopify/sarama v1.30.0 h1:TOZL6r37xJBDEMLx4yjB77jxbZYXPaDow08TSK6vIL0=
github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
github.com/Shopify/toxiproxy v2.1.4+incompatible h1:TKdv8HiTLgE5wdJuEML90aBgNWsokNbMijUGhmcoBJc=
@@ -522,6 +1461,13 @@ github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9
github.com/agnivade/levenshtein v1.0.1 h1:3oJU7J3FGFmyhn8KHjmVaZCN5hxTr7GxgRue+sxIXdQ=
github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210609063737-0067dc6dcea2 h1:t/ces1/q8tuApSb+T5ajsu3wqkofUT43U1gpDYTPYME=
github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210609063737-0067dc6dcea2/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8=
+github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9 h1:7kQgkwGRoLzC9K0oyXdJo7nve/bynv/KwUsxbiTlzAM=
+github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
+github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19 h1:iXUgAaqDcIUGbRoy2TdeofRG/j1zpGRSEmNK05T+bi8=
+github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk=
+github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
+github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b h1:slYM766cy2nI3BwyRiyQj/Ud48djTMtMebDqepE95rw=
+github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM=
github.com/alecthomas/jsonschema v0.0.0-20180308105923-f2c93856175a h1:FTykHiUVgZkL0cdTplzjoDZnizgAqEo6riN3R2VYwg0=
github.com/alecthomas/jsonschema v0.0.0-20220216202328-9eeeec9d044b h1:doCpXjVwui6HUN+xgNsNS3SZ0/jUZ68Eb+mJRNOZfog=
github.com/alecthomas/jsonschema v0.0.0-20220216202328-9eeeec9d044b/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60=
@@ -529,6 +1475,8 @@ github.com/alecthomas/kingpin/v2 v2.3.1 h1:ANLJcKmQm4nIaog7xdr/id6FM6zm5hHnfZrvt
github.com/alecthomas/kingpin/v2 v2.3.1/go.mod h1:oYL5vtsvEHZGHxU7DMp32Dvx+qL+ptGn6lWaot2vCNE=
github.com/alecthomas/kingpin/v2 v2.3.2 h1:H0aULhgmSzN8xQ3nX1uxtdlTHYoPLu5AhHxWrKI6ocU=
github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
+github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=
+github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
@@ -540,12 +1488,20 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY
github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=
github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
+github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
+github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
+github.com/apache/arrow/go/v10 v10.0.1 h1:n9dERvixoC/1JjDmBcs9FPaEryoANa2sCgVFo6ez9cI=
+github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0=
+github.com/apache/arrow/go/v11 v11.0.0 h1:hqauxvFQxww+0mEU/2XHG6LT7eZternCZq+A5Yly2uM=
github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI=
github.com/apache/arrow/go/v12 v12.0.0 h1:xtZE63VWl7qLdB0JObIXvvhGjoVNrQ9ciIHG2OK5cmc=
-github.com/apache/arrow/go/v12 v12.0.0/go.mod h1:d+tV/eHZZ7Dz7RPrFKtPK02tpr+c9/PEd/zm8mDS9Vg=
+github.com/apache/arrow/go/v12 v12.0.1 h1:JsR2+hzYYjgSUkBSaahpqCetqZMr76djX80fF/DiJbg=
+github.com/apache/arrow/go/v12 v12.0.1/go.mod h1:weuTY7JvTG/HDPtMQxEUp7pU73vkLWMLpY67QwZ/WWw=
+github.com/apache/arrow/go/v14 v14.0.2 h1:N8OkaJEOfI3mEZt07BIkvo4sC6XDbL+48MBPWO5IONw=
+github.com/apache/arrow/go/v14 v14.0.2/go.mod h1:u3fgh3EdgN/YQ8cVQRguVW3R+seMybFg8QBQ5LU+eBY=
github.com/apache/thrift v0.12.0 h1:pODnxUFNcjP9UTLZGTdeh+j16A8lJbRvD3rOtrk/7bs=
github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY=
github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
@@ -557,6 +1513,8 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ
github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310 h1:BUAU3CGlLvorLI26FmByPp2eC2qla6E1Tw+scpcg/to=
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
@@ -649,16 +1607,21 @@ github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edY
github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c h1:+0HFd5KSZ/mm3JmhmrDukiId5iR6w4+BdFtfSy4yWIc=
github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b h1:AP/Y7sqYicnjGDfD5VcY4CIfh1hRXBUavxrvELjTiOE=
github.com/bmizerany/perks v0.0.0-20230307044200-03f9df79da1e h1:mWOqoK5jV13ChKf/aF3plwQ96laasTJgZi4f1aSOu+M=
github.com/bmizerany/perks v0.0.0-20230307044200-03f9df79da1e/go.mod h1:ac9efd0D1fsDb3EJvhqgXRbFx7bs2wqZ10HQPeU8U/Q=
github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
+github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
+github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/breml/bidichk v0.1.1/go.mod h1:zbfeitpevDUGI7V91Uzzuwrn4Vls8MoBMrwtt78jmso=
github.com/bshuster-repo/logrus-logstash-hook v0.4.1 h1:pgAtgj+A31JBVtEHu2uHuEx0n+2ukqUJnS2vVe5pQNA=
github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
@@ -675,6 +1638,7 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054 h1:uH66TXeswKn5PW5zdZ39xEwfS9an067BirqA+P4QaLI=
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU=
@@ -683,6 +1647,12 @@ github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d8
github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21/go.mod h1:Zlre/PVxuSI9y6/UV4NwGixQ48RHQDSPiUkofr6rbMU=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20221002210726-e883f69e0206 h1:lG6Usi/kX/JBZzGz1H+nV+KwM97vThQeKunCbS6PutU=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20221002210726-e883f69e0206/go.mod h1:1UmFRnmMnVsHwD+ZntmLkoVBB1ZLa6V+XXEbF6hZCxU=
+github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89 h1:aPflPkRFkVwbW6dmcVqfgwp1i+UWGFH6VgR1Jim5Ygc=
+github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
+github.com/chromedp/chromedp v0.9.2 h1:dKtNz4kApb06KuSXoTQIyUC2TrA0fhGDwNZf3bcgfKw=
+github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
+github.com/chromedp/sysutil v1.0.0 h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic=
+github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
@@ -701,7 +1671,12 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
github.com/cloudevents/conformance v0.2.0 h1:NvSXOKlagcsOWMEbi8U7Ex/0oQ4JZE1HQ45bnxYf2zk=
+github.com/cloudevents/conformance v0.2.0/go.mod h1:rHKDwylBH89Rns6U3wL9ww8bg9/4GbwRCDNuyoC6bcc=
github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.4.1 h1:UHjY9+DJyjELyFA8vU/KHHXix1F1z7QLFskzdJZkP+0=
+github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.13.0 h1:Mf5y5GYVusfOpPQsKHOvr9c3Y76fZnSZzuZo+LQr/aU=
+github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.13.0/go.mod h1:vgBrMXc1h8htR8PUlGViBcNEkri4fw98nY8Tqsgdtfs=
+github.com/cloudevents/sdk-go/v2 v2.13.0/go.mod h1:xDmKfzNjM8gBvjaF8ijFjM1VYOVUEeUfapHMUX1T5To=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f h1:WBZRG4aNOuI15bLRrCgN8fCq8E5Xuty6jGbmSNEvSsU=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 h1:hzAQntlaYRkVSFEfj9OTWlVV1H155FMD8BTKktLv0QI=
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
@@ -713,13 +1688,22 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 h1:zH8ljVhhq7yC0MIeUL/IviMtY8hx2mK8cN9wEYb8ggw=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20230428030218-4003588d1b74/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 h1:DBmgJDC9dTfkVyGgipamEh2BpGYxScCH1TOF1LL1cXc=
+github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM=
+github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw=
+github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c h1:2zRrJWIt/f9c9HhNHAgrRgq0San5gRRUJTBXLkchal0=
+github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa h1:OaNxuTZr7kxeODyLWsRMC+OD03aFUH+mW6r2d+MWa5Y=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5 h1:xD/lrqdvwsc+O2bjSSi3YqY73Ke3LAiSCx49aCesA0E=
github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
+github.com/cockroachdb/datadriven v1.0.2 h1:H9MtNqVoVhvd9nCBwOyDjUEdZCREqbIdCJD93PBm/jA=
+github.com/cockroachdb/datadriven v1.0.2/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU=
github.com/cockroachdb/errors v1.2.4 h1:Lap807SXTH5tri2TivECb/4abUkMZC9zRoLarvcKDqs=
github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f h1:o/kfcElHqOiXqcou5a3rIlMc7oJbMQkeLk0VQJ7zgqY=
@@ -822,7 +1806,13 @@ github.com/coreos/go-etcd v2.0.0+incompatible h1:bXhRBIXoTm9BYHS3gE0TtQuyNZyeEMu
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM=
+github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
+github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
+github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
+github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
+github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -839,10 +1829,14 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
+github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c h1:/ovYnF02fwL0kvspmy9AuyKg1JhdTRUgPw4nUxd9oZM=
+github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07 h1:UHFGPvSxX4C4YBApSPvmUfL8tTvWLj2ryqvT9K4Jcuk=
github.com/cznic/fileutil v0.0.0-20180108211300-6a051e75936f h1:7uSNgsgcarNk4oiN/nNkO0J7KAjlsF5Yv5Gf/tFdHas=
@@ -860,6 +1854,7 @@ github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/
github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
github.com/daixiang0/gci v0.2.9/go.mod h1:+4dZ7TISfSmqfAGv59ePaHfNzgGtIkHAhhdKggP1JAc=
github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
@@ -896,6 +1891,7 @@ github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hH
github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@@ -907,8 +1903,13 @@ github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6Uezg
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916 h1:yWHOI+vFjEsAakUTSrtqc/SAHrhSkmn48pqjidZX3QA=
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
+github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/eapache/go-resiliency v1.1.0 h1:1NtRmCAqadE2FN4ZcN6g90TP3uk8cg9rn9eNK2197aU=
github.com/eapache/go-resiliency v1.2.0 h1:v7g92e/KSN71Rq7vSThKaWIq68fL4YHvWyiUKorFR1Q=
github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
github.com/eapache/go-resiliency v1.3.0 h1:RRL0nge+cWGlxXbUzJ7yMcq6w2XBEr19dCN6HECGaT0=
@@ -931,21 +1932,29 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 h1:xvqufLtNVwAhN8NMyWklVgxnWohi+wtMGQMhtxexlm0=
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34=
+github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI=
github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM=
-github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g=
+github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI=
+github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0=
github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
+github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
+github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
+github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
github.com/envoyproxy/protoc-gen-validate v1.0.1/go.mod h1:0vj8bNkYbSTNS2PIyH87KZaeN4x9zpL9Qt8fQC7d+vs=
github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
-github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/esimonov/ifshort v1.0.3/go.mod h1:yZqNJUrNn20K8Q9n2CrjTKYyVEmX209Hgu+M1LBpeZE=
github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=
github.com/fatih/color v1.6.0 h1:66qjqZk8kalYAvDRtM1AdAJQI0tj4Wrue3Eq3B3pmFU=
@@ -959,7 +1968,11 @@ github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4
github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/flowstack/go-jsonschema v0.1.1 h1:dCrjGJRXIlbDsLAgTJZTjhwUJnnxVWl1OgNyYh5nyDc=
+github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
+github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8=
+github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/form3tech-oss/jwt-go v3.2.5+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -968,27 +1981,52 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu
github.com/frankban/quicktest v1.11.3 h1:8sXhOn0uLys67V8EsXLc6eszDs8VXWxL3iRvebPhedY=
github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
github.com/fsouza/fake-gcs-server v1.7.0 h1:Un0BXUXrRWYSmYyC1Rqm2e2WJfTPyDy/HGMz31emTi8=
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
+github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
+github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7 h1:LofdAjjjqCSXMwLGgOgnE+rdPuvX9DxCqaHwKy7i/ko=
+github.com/getkin/kin-openapi v0.61.0 h1:6awGqF5nG5zkVpMsAih1QH4VgzS8phTxECUWIFo7zko=
+github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=
github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
+github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8 h1:DujepqpGd1hyOd7aW59XpK7Qymp8iy83xq74fLr21is=
+github.com/go-chi/chi/v5 v5.0.0 h1:DBPx88FjZJH3FsICfDAfIfnb7XxKIYVGG6lOPlhENAg=
+github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540 h1:djv/qAomOVj8voCHt0M0OYwR/4vfDq1zNKSPKjJCexs=
github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
+github.com/go-fonts/dejavu v0.1.0 h1:JSajPXURYqpr+Cu8U9bt8K+XcACIHWqWrvWCKyeFmVQ=
+github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g=
+github.com/go-fonts/latin-modern v0.2.0 h1:5/Tv1Ek/QCr20C6ZOz15vw3g7GELYL98KWr8Hgo+3vk=
+github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks=
+github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
+github.com/go-fonts/liberation v0.2.0 h1:jAkAWJP4S+OsrPLZM4/eC9iW7CtHy+HBXrEwZXWo5VM=
+github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
+github.com/go-fonts/stix v0.1.0 h1:UlZlgrvvmT/58o573ot7NFw0vZasZ5I6bcIft/oMdgg=
+github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1 h1:QbL/5oDUmRBzO9/Z7Seo6zf912W/a6Sr4Eu0G/3Jho0=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4 h1:WtGNWLvXpe6ZudgnXrq0barxBImvnnJoMEhXAzcbM0I=
github.com/go-ini/ini v1.25.4 h1:Mujh4R/dH6YL8bxuISne3xX2+qcQ9p0IxKAP6ExWoUo=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
github.com/go-kit/kit v0.9.0 h1:wDJmvq38kDhkVxi50ni9ykkdUr1PKgqKOoi01fa0Mdk=
github.com/go-kit/kit v0.12.0 h1:e4o3o3IsBfAKQh5Qbbiqyfu97Ku7jrO/JbohvztANh4=
github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEaizzs=
+github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
+github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81 h1:6zl3BbBhdnMkpSj2YY30qV3gDcVBGtFgVsV3+/i+mKQ=
+github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk=
github.com/go-lintpack/lintpack v0.5.2 h1:DI5mA3+eKdWeJ40nU4d6Wc26qmdG8RCi/btYq0TuRN0=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4=
github.com/go-ole/go-ole v1.2.1 h1:2lOsA72HgjxAuMlKpFiCbHTvu44PIVkZ5hqm3RSdI/E=
github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
@@ -1037,6 +2075,9 @@ github.com/go-openapi/validate v0.19.11 h1:8lCr0b9lNWKjVjW/hSZZvltUy+bULl7vbnCTs
github.com/go-openapi/validate v0.19.11/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0waH08tGe6kAQ4=
github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
+github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M=
+github.com/go-pdf/fpdf v0.6.0 h1:MlgtGIfsdMEEQJr2le6b/HNr1ZlQwxyWr77r2aj2U/8=
+github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M=
github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
@@ -1044,6 +2085,8 @@ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/go-toolsmith/astcast v1.0.0 h1:JojxlmI6STnFVG9yOImLeGREv8W2ocNUM+iOhR6jE7g=
@@ -1089,8 +2132,16 @@ github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGt
github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
+github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4 h1:vF83LI8tAakwEwvWZtrIEx7pOySacl2TOxx6eXk4ePo=
github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
@@ -1111,14 +2162,25 @@ github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-migrate/migrate/v4 v4.6.2 h1:LDDOHo/q1W5UDj6PbkxdCv7lv9yunyZHXvxuwDkGo3k=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
+github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
+github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
+github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4=
+github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8=
+github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -1135,6 +2197,8 @@ github.com/golangci/golangci-lint v1.17.2-0.20190909185456-6163a8a79084 h1:Z4/yX
github.com/golangci/golangci-lint v1.43.0/go.mod h1:VIFlUqidx5ggxDfQagdvd9E67UjMXtTHBkBQ7sHoC5Q=
github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547 h1:fUdgm/BdKvwOHxg5AhNbkNRp2mSy8sxTXyBVs/laQHo=
github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc h1:gLLhTLMk2/SutryVJ6D4VZCU3CUqr8YloG7FPIBWFpI=
+github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219 h1:utua3L2IbQJmauC5IXdEA547bcoU5dozgQAfc8Onsg4=
+github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217 h1:En/tZdwhAn0JNwLuXzP3k2RVtMqMmOEK7Yu/g3tmtJE=
github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA=
@@ -1162,11 +2226,19 @@ github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M=
github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
github.com/google/cel-go v0.12.7 h1:jM6p55R0MKBg79hZjn1zs2OlrywZ1Vk00rxVvad1/O0=
github.com/google/cel-go v0.12.7/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
+github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto=
+github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
+github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
+github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs=
github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM=
github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
+github.com/google/flatbuffers v23.5.26+incompatible h1:M9dgRyhJemaM4Sw8+66GHBu8ioaQmyPLg1b8VwK5WJg=
+github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
+github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20220414154538-570ba6c88a50/go.mod h1:m7mMYMlUraMy65yWp4AXkMgousS5LFPYcvI19yjz6W0=
github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230209165335-3624968304fd h1:hQf//Ak0trkoqnm94i9mw00d7axUwfK92hMxslxNKYc=
@@ -1176,53 +2248,97 @@ github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-2023020916533
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230209165335-3624968304fd/go.mod h1:6pjZpt+0dg+Z0kUEn53qLtD57raiZo/bqWzsuX6dDjo=
github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
github.com/google/go-github/v27 v27.0.6 h1:oiOZuBmGHvrGM1X9uNUAUlLgp5r1UUO/M/KnbHnLRlQ=
+github.com/google/go-github/v27 v27.0.6/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0=
+github.com/google/go-jsonnet v0.18.0/go.mod h1:C3fTzyVJDslXdiTqw/bTFk7vSGyCtH3MGRbDfvEwGd0=
+github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9 h1:OF1IPgv+F4NmqmJ98KTjdN97Vs1JxDPB3vbmYzV2dpk=
github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY=
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/mako v0.0.0-20190821191249-122f8dcef9e3 h1:/o5e44nTD/QEEiWPGSFT3bSqcq3Qg7q27N9bv4gKh5M=
+github.com/google/mako v0.0.0-20190821191249-122f8dcef9e3/go.mod h1:YzLcVlL+NqWnmUEPuhS1LxDDwGO9WNbVlEXaF4IH35g=
github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian/v3 v3.0.0 h1:pMen7vLs8nvgEYhywH3KDWJIJTeEr2ULsVWHWYHQyBs=
github.com/google/martian/v3 v3.2.1 h1:d8MncMlErDFTwQGBK1xhv026j9kqhvw1Qv9IbWT1VLQ=
github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
+github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM=
+github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
+github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
+github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
+github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
+github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
+github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo=
+github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY=
+github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw=
github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
+github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA=
+github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
+github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g=
github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
+github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
+github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8 h1:tlyzajkF3030q6M8SvmJSemC9DTHL/xaMa18b65+JM4=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
github.com/gophercloud/gophercloud v1.5.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33 h1:893HsJqtxp9z1SF76gg6hY70hRY1wVlTSnC/h1yUDCo=
+github.com/gorilla/mux v1.7.2 h1:zoNxOV7WjqXptQOVngLmcSQgXmgk4NMz1HibBchjl/I=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3 h1:JVnpOZS+qxli+rgVl98ILOXVNbW+kb5wcxeGx8ShUIw=
github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
+github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd h1:PpuIBO5P3e9hpqBD0O/HjhShYuM6XE0i/lbE6J94kww=
github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
github.com/grpc-ecosystem/grpc-health-probe v0.2.1-0.20181220223928-2bf0a5b182db h1:UxmGBzaBcWDQuQh9E1iT1dWKQFbizZ+SpTd1EL4MSqs=
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=
github.com/hashicorp/consul/api v1.1.0 h1:BNQPM9ytxj6jbjjdRPioQ94T6YXriSopn0i8COv6SRA=
@@ -1230,23 +2346,24 @@ github.com/hashicorp/consul/api v1.22.0/go.mod h1:zHpYgZ7TeYqS6zaszjwSt128OwESRp
github.com/hashicorp/consul/sdk v0.1.1 h1:LnuDWGNsoajlhGyHJvuWW6FVqRl8JOTPqS6CPTsYjhY=
github.com/hashicorp/cronexpr v1.1.2/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4=
github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.6.7 h1:8/CAEZt/+F7kR7GevNHulKkUjLht3CPmn7egmhieNKo=
+github.com/hashicorp/go-retryablehttp v0.6.7/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
github.com/hashicorp/go-rootcerts v1.0.0 h1:Rqb66Oo1X/eSV1x66xbDccZjhJigjg0+e82kpwzSwCI=
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-sockaddr v1.0.0 h1:GeH6tui99pF4NJgfnhp+L6+FfobzVW3Ah46sLo0ICXs=
github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go.net v0.0.1 h1:sNCoNyDEvN1xa+X0baata4RdcpKwcMS6DH+xwfqPgjw=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
@@ -1259,13 +2376,22 @@ github.com/hetznercloud/hcloud-go/v2 v2.0.0/go.mod h1:4iUG2NG8b61IAwNx6UsMWQ6IfI
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0=
github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
+github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE=
+github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0=
github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
+github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI=
+github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab h1:BA4a7pe6ZTd9F8kXETBoijjFJ/ntaa//1wiH9BZu4zU=
github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
+github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 h1:KwWnWVWCNtNq/ewIX7HIKnELmEx2nDP42yskD/pi7QE=
+github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/influxdata/influxdb-client-go/v2 v2.9.0 h1:1Ejxpt+cpWkadefxd5xvVx7pFgFaafdNp1ItfHzKRW4=
github.com/influxdata/influxdb-client-go/v2 v2.9.0/go.mod h1:x7Jo5UHHl+w8wu8UnGiNobDDHygojXwJX4mx7rXGKMk=
github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 h1:W9WBk7wlPfJLvMCdtV4zPulc4uCPrlywQOmbFOhgQNU=
@@ -1281,65 +2407,116 @@ github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8
github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
github.com/jcmturner/gofork v1.0.0 h1:J7uCkflzTEhUZ64xqKnkDxq3kzc96ajM1Gli5ktUem8=
github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
+github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=
github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=
github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
github.com/jcmturner/gokrb5/v8 v8.4.2 h1:6ZIM6b/JJN0X8UM43ZOM6Z4SJzla+a/u7scXFJzodkA=
github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
+github.com/jcmturner/gokrb5/v8 v8.4.3 h1:iTonLeSJOn7MVUtyMT+arAn5AKAPrkilzhGw8wE/Tq8=
github.com/jcmturner/gokrb5/v8 v8.4.3/go.mod h1:dqRwJGXznQrzw6cWmyo6kH+E7jksEQG/CyVWsJEsJO0=
github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/joefitzgerald/rainbow-reporter v0.1.0 h1:AuMG652zjdzI0YCCnXAqATtRBpGXMcAnrajcaTrSeuo=
github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o=
github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5 h1:PJr+ZMXIecYc1Ey2zucXdR73SMBtgjPgwa31099IMv0=
+github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
github.com/kisielk/errcheck v1.5.0 h1:e8esj/e4R+SAOwFwN+n3zr0nYeCyeweozKfO23MvHzY=
github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
+github.com/klauspost/asmfmt v1.3.2 h1:4Ri7ox3EwapiOjCki+hw14RyKk201CN4rzyCJRFLpK4=
github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk=
github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE=
+github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
+github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
github.com/kshvakov/clickhouse v1.3.5 h1:PDTYk9VYgbjPAWry3AoDREeMgOVUFij6bh6IjlloHL0=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/labstack/echo/v4 v4.2.1 h1:LF5Iq7t/jrtUuSutNuiEWtB5eiHfZ5gSe2pcu5exjQw=
+github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg=
+github.com/labstack/gommon v0.3.0 h1:JEeO0bvc78PKdyHxloTKiF8BD5iGrH8T6MSeGvSgob0=
+github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo=
+github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac h1:+2b6iGRJe3hvV/yVXrd41yVEjxuFHxasJqDhkIjS4gk=
github.com/linode/linodego v1.19.0/go.mod h1:XZFR+yJ9mm2kwf6itZ6SCpu+6w3KnIevV0Uu5HNWJgQ=
github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY=
github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e h1:9MlwzLdW7QSDrhDjFlsEYmxpFyIoXmYRon3dt0io31k=
+github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
+github.com/lyft/protoc-gen-star v0.6.1 h1:erE0rdztuaDq3bpGifD95wfoPrSZc95nGA6tbiNYh6M=
+github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
+github.com/lyft/protoc-gen-star/v2 v2.0.1 h1:keaAo8hRuAT0O3DfJ/wM3rufbAjGeJ1lAtWZHDjKGB0=
+github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o=
+github.com/lyft/protoc-gen-star/v2 v2.0.3 h1:/3+/2sWyXeMLzKd1bX+ixWKgEMsULrIivpDsuaF441o=
github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk=
github.com/lyft/protoc-gen-validate v0.0.13 h1:KNt/RhmQTOLr7Aj8PsJ7mTronaFyx80mRTT9qF261dA=
github.com/marstr/guid v1.1.0 h1:/M4H/1G4avsieL6BbUwCOBzulmoeKVP5ux/3mQNnbyI=
+github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd h1:HvFwW+cm9bCbZ/+vuGNq7CRWXql8c0y8nGeYpqmpvmk=
+github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
+github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
+github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.2 h1:UnlwIPBGaTZfPQ6T1IGzPI0EkYAQmT9fAEJ/poFC63o=
github.com/mattn/go-shellwords v1.0.9 h1:eaB5JspOwiKKcHdqcjbfe5lA9cNn/4NRRtddXJCimqk=
github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
+github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw=
+github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
github.com/mattn/goveralls v0.0.2 h1:7eJB6EqsPhRVxvwEXGnqdO2sJI0PTsrWoTMXEk9/OQc=
github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2 h1:g+4J5sZg6osfvEfkRZxJ1em0VT95/UOZgi/l7zi1/oE=
+github.com/miekg/dns v1.0.14 h1:9jZdLNd/P4+SfEJ0TNyxYpsK8N4GtfylBLqtbYN1sbA=
github.com/miekg/dns v1.1.17 h1:BhJxdA7bH51vKFZSY8Sn9pR7++LREvg0eYFzHA452ew=
+github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
github.com/mikefarah/yaml/v2 v2.4.0 h1:eYqfooY0BnvKTJxr7+ABJs13n3dg9n347GScDaU2Lww=
github.com/mikefarah/yq/v2 v2.4.1 h1:tajDonaFK6WqitSZExB6fKlWQy/yCkptqxh2AXEe3N4=
+github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 h1:AMFGa4R4MiIpspGNG7Z948v4n35fFGB3RR3G/ry4FWs=
github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY=
+github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 h1:+n/aFZefKZp7spd8DFdX7uMikMLXX4oubIzJF4kv/wI=
github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
github.com/mitchellh/cli v1.0.0 h1:iGBIsUe3+HZ/AD/Vd7DErOt5sU9fa8Uj7A2s1aggv1Y=
github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
@@ -1355,13 +2532,14 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f h1:2+myh5ml7lgEU/51gbeLHfKGNfgEQQIWrlbdaOsidbQ=
github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
+github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40 h1:Q0XH6Ql1+Z6YbUKyWyI0sD8/9yH0U8x86yA8LuWMJwY=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/nakagami/firebirdsql v0.0.0-20190310045651-3c02a58cfed8 h1:P48LjvUQpTReR3TQRbxSeSBsMXzfK0uol7eRcr7VBYQ=
github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663 h1:Ri1EhipkbhWsffPJ3IPlrb4SkTOPa2PfRXp3jchBczw=
github.com/ncw/swift v1.0.47 h1:4DQRPj35Y41WogBxyhOXlrI37nzGlyEcsforeudyYPQ=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5 h1:58+kh9C6jJVXYjt8IE48G2eWl6BjwU5Gj0gqY84fy78=
@@ -1374,7 +2552,15 @@ github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1L
github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc=
github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk=
github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo=
+github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
+github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
+github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
@@ -1386,19 +2572,35 @@ github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdM
github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw=
github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw=
github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
+github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY=
+github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700 h1:eNUVfm/RFLIi1G7flU5/ZRTHvd4kcVuzfRnL6OFlzCI=
github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39 h1:H7DMc6FAjgwZZi8BRqjrAAHWoqEr5e5L6pS4V0ezet4=
+github.com/openshift/api v0.0.0-20230522130544-0eef84f63102 h1:DvXc9rkFXM8Q4Gva6MYoenwnvgX1Ij1cLkewLb91D5Q=
+github.com/openshift/api v0.0.0-20230522130544-0eef84f63102/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k=
github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
+github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI=
+github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs=
github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/openzipkin/zipkin-go v0.3.0/go.mod h1:4c3sLeE8xjNqehmF5RpAFLPLJxXscc0R4l6Zg0P1tTQ=
github.com/openzipkin/zipkin-go v0.4.2 h1:zjqfqHjUpPmB3c1GlCvvgsM1G4LkvqQbBDueDOCg/jA=
github.com/openzipkin/zipkin-go v0.4.2/go.mod h1:ZeVkFjuuBiSy13y8vpSDCjMi9GoI3hPpCJSBx/EYFhY=
github.com/operator-framework/api v0.1.1 h1:DbfxRJUPMQlQW6nbfoNzWLxv1rIv13Gt8GbsF2aglFk=
+github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g=
github.com/operator-framework/operator-registry v1.6.1 h1:Ow0Ko9DRIZ4xvH55vFAslcTy6A9FhlIeXvm+FhyRd84=
+github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde h1:x0TT0RDC7UhAVbbWWBzr41ElhJx5tXPWkIHA2HWPRuw=
+github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
github.com/otiai10/copy v1.0.2 h1:DDNipYy6RkIkjMwy+AWzgKiNTyj2RUI9yEMeETEpVyc=
github.com/otiai10/curr v0.0.0-20190513014714-f5a3d24e5776 h1:o59bHXu8Ejas8Kq6pjoVJQ9/neN66SM8AKh6wI42BBs=
github.com/otiai10/mint v1.3.0 h1:Ady6MKVezQwHBkGzLFbrsywyp09Ah7rkmfjV3Bcr5uc=
@@ -1407,47 +2609,91 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5
github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
+github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
+github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
github.com/pelletier/go-toml/v2 v2.0.0-beta.2 h1:f/g66OWmYXmVnYL3UAhqpM9YuWKFR2vjYfFNSDQcHPQ=
+github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
+github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
+github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
+github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
+github.com/phpdave11/gofpdf v1.4.2 h1:KPKiIbfwbvC/wOncwhrpRdXVj2CZTCFlw4wnoyjtHfQ=
+github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
+github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
+github.com/phpdave11/gofpdi v1.0.13 h1:o61duiW8M9sMlkVXWlvP92sZJtGKENvW3VExs6dZukQ=
+github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
+github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0=
+github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
+github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
github.com/pkg/profile v1.2.1 h1:F++O52m40owAmADcojzM+9gyjmMOY/T4oYJkgFDH8RE=
github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.1 h1:I2qBYMChEhIjOgazfJmV3/mZM256btk6wkCDRmW7JYs=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
github.com/posener/complete v1.1.1 h1:ccV59UEOTzVDnDUEFdT95ZzHVZ+5+158q8+SJb2QV5w=
+github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 h1:0XM1XL/OFFJjXsYXlG30spTkV/E9+gmd5GD1w2HE8xM=
github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/prometheus/alertmanager v0.25.0/go.mod h1:MEZ3rFVHqKZsw7IcNS/m4AWZeXThmJhumpiWR4eHU/w=
github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI=
github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
github.com/prometheus/exporter-toolkit v0.10.0/go.mod h1:+sVFzuvV5JDyw+Ih6p3zFxZNVnKQa3x5qPmDSiPu4ZY=
+github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
github.com/prometheus/procfs v0.11.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/prometheus/prometheus v0.47.0 h1:tIJJKZGlmrMVsvIt6rMfB8he7CRHEc8ZxS5ubcZtbkM=
github.com/prometheus/prometheus v0.47.0/go.mod h1:J/bmOSjgH7lFxz2gZhrWEZs2i64vMS+HIuZfmYNhJ/M=
github.com/prometheus/tsdb v0.7.1 h1:YZcsG11NqnK4czYLrWd9mpEuAJIHVQLwdrleYfszMAA=
github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c h1:JoUA0uz9U0FVFq5p4LjEq4C0VgQ0El320s3Ms0V4eww=
github.com/rabbitmq/amqp091-go v1.1.0 h1:qx8cGMJha71/5t31Z+LdPLdPrkj/BvD38cqC3Bi1pNI=
github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0VTJ0kHRghqbM=
+github.com/rabbitmq/amqp091-go v1.8.1 h1:RejT1SBUim5doqcL6s7iN6SBmsQqyTgXb1xMlH0h1hA=
github.com/rabbitmq/amqp091-go v1.8.1/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
+github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446 h1:/NRJ5vAYoqz+7sG51ubIDHXeWO8DlTSrToPu6q11ziA=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/rogpeppe/fastuuid v1.2.0 h1:Ppwyp6VYCF1nvBTXL3trRso7mXMlRrw9ooo375wvi2s=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417 h1:Lt9DzQALzHoDwMBGJ6v8ObDPR0dzr2a6sXTB1Fq7IHs=
github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417/go.mod h1:qe5TWALJ8/a1Lqznoc5BDHpYX/8HU60Hm2AwRmqzxqA=
+github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
+github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 h1:K1Xf3bKttbF+koVGaX5xngRIZ5bVjbmPnaxE/dR08uY=
+github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f h1:UFr9zpz4xgTnIE5yIMtWAMngCdZ9p/+q6lTbgelo80M=
github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735 h1:7YvPJVmEeFHR1Tj9sZEYsmarJEQfMVYpd/Vyy/A8dqE=
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
@@ -1462,24 +2708,46 @@ github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041 h1:llrF3Fs4018ePo
github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
github.com/sourcegraph/go-diff v0.5.1 h1:gO6i5zugwzo1RVTvgvfwCOSVegNuvnNi6bAD1QCmkHs=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
+github.com/spf13/afero v1.3.3 h1:p5gZEKLYoL7wh8VrJesMaYeNxdEd1v3cb4irOk9zB54=
github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
+github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
+github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
+github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI=
github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
github.com/spf13/viper v1.7.0 h1:xVKxvI7ouOI5I+U9s2eeiUfMaWBVoXA3AWskkrqK0VM=
+github.com/spf13/viper v1.7.1 h1:pM5oEahlgWv/WnHXpgbKz7iLIxRf65tye2Ci+XFK5sk=
+github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518 h1:iD+PFTQwKEmbwSdwfvP5ld2WEI/g7qbdhmHJ2ASfYGs=
github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94 h1:0ngsPmuP6XIjiFRNFYlvKwSr5zff2v+uPHaffZ6/M4k=
github.com/streadway/quantile v0.0.0-20150917103942-b0c588724d25 h1:7z3LSn867ex6VSaahyKadf4WtSsJIgne6A1WLOAGM8A=
+github.com/streadway/quantile v0.0.0-20220407130108-4246515d968d h1:X4+kt6zM/OVO6gbJdAfJR60MGPsqCzbtXNnjoGqdfAs=
github.com/streadway/quantile v0.0.0-20220407130108-4246515d968d/go.mod h1:lbP8tGiBjZ5YWIc2fzuRpTaz0b/53vT6PEs3QuAWzuU=
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807 h1:LUsDduamlucuNnWcaTbXQ6aLILFcLXADpOzeEH3U+OI=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8 h1:zLV6q4e8Jv9EHjNg/iHfzwDkCve6Ua5jCygptrtXHvI=
@@ -1495,10 +2763,14 @@ github.com/tsenart/vegeta/v12 v12.11.1/go.mod h1:swiFmrgpqj2llHURgHYFRFN0tfrIrln
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8 h1:3SVOIvH7Ae1KRYyQWRjXWJEA9sS/c/pjvH++55Gr648=
github.com/ultraware/funlen v0.0.1 h1:UeC9tpM4wNWzUJfan8z9sFE4QCzjjzlCZmuJN+aOkH0=
github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
+github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
github.com/valyala/fasthttp v1.2.0 h1:dzZJf2IuMiclVjdw0kkT+f9u4YdrapbNyGAN47E/qnk=
+github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
+github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4=
+github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
github.com/valyala/quicktemplate v1.1.1 h1:C58y/wN0FMTi2PR0n3onltemfFabany53j7M6SDDB8k=
github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a h1:0R4NLDRDZX6JcmhJgXi5E4b8Wg84ihbmUKp/GvSPEzc=
github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
@@ -1506,6 +2778,7 @@ github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaW
github.com/vektah/gqlparser v1.1.2 h1:ZsyLGn7/7jDNI+y4SEhI4yAxRChlv15pUHMjijT+e68=
github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI=
github.com/wavesoftware/go-ensure v1.0.0 h1:6X3gQL5psBWwtu/H9a+69xQ+JGTUELaLhgOB/iB3AQk=
+github.com/wavesoftware/go-ensure v1.0.0/go.mod h1:K2UAFSwMTvpiRGay/M3aEYYuurcR8S4A6HkQlJPV8k4=
github.com/xanzy/go-gitlab v0.15.0 h1:rWtwKTgEnXyNUGrOArN7yyc3THRkpYcKXIXia9abywQ=
github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -1518,12 +2791,17 @@ github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gi
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c h1:u40Z8hqBAAQyv+vATcGgV0YCnDjqSL7/q/JyPhhJSPk=
github.com/xdg/stringprep v1.0.0 h1:d9X0esnoa3dFsV0FG35rAT0RIhYFlPq7MiP+DW89La0=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/xhit/go-str2duration v1.2.0 h1:BcV5u025cITWxEQKGWr1URRzrcXtu7uk8+luz3Yuhwc=
github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4=
github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 h1:j2hhcujLRHAg872RWAV5yaUrEjHEObwDv3aImCaNLek=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77 h1:ESFSdwYZvkeru3RtdrYueztKhOBCSAAzS4Gf+k0tEow=
github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
@@ -1532,32 +2810,72 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
+github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
+github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
+github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b h1:7gd+rd8P3bqcn/96gOZa3F5dpJr/vEiDQYlNb/y2uNs=
+go.einride.tech/aip v0.66.0 h1:XfV+NQX6L7EOYK11yoHHFtndeaWh3KbD9/cN/6iWEt8=
+go.einride.tech/aip v0.66.0/go.mod h1:qAhMsfT7plxBX+Oy7Huol6YUvZ0ZzdUz26yZsQwfl1M=
go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
+go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=
+go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
+go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0=
go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
go.etcd.io/etcd/api/v3 v3.5.7 h1:sbcmosSVesNrWOJ58ZQFitHMdncusIifYcrBfwrlJSY=
go.etcd.io/etcd/api/v3 v3.5.7/go.mod h1:9qew1gCdDDLu+VwmeG+iFpL+QlpHTo7iubavdVDgCAA=
+go.etcd.io/etcd/api/v3 v3.5.10 h1:szRajuUUbLyppkhs9K6BRtjY37l66XQQmw7oZRANE4k=
+go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI=
+go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0=
+go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU=
go.etcd.io/etcd/client/pkg/v3 v3.5.5/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
go.etcd.io/etcd/client/pkg/v3 v3.5.7 h1:y3kf5Gbp4e4q7egZdn5T7W9TSHUvkClN6u+Rq9mEOmg=
go.etcd.io/etcd/client/pkg/v3 v3.5.7/go.mod h1:o0Abi1MK86iad3YrWhgUsbGx1pmTS+hrORWc2CamuhY=
+go.etcd.io/etcd/client/pkg/v3 v3.5.10 h1:kfYIdQftBnbAq8pUWFXfpuuxFSKzlmM5cSn76JByiT0=
+go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U=
+go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ=
+go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI=
go.etcd.io/etcd/client/v2 v2.305.5/go.mod h1:zQjKllfqfBVyVStbt4FaosoX2iYd8fV/GRy/PbowgP4=
go.etcd.io/etcd/client/v2 v2.305.7 h1:AELPkjNR3/igjbO7CjyF1fPuVPjrblliiKj+Y6xSGOU=
go.etcd.io/etcd/client/v2 v2.305.7/go.mod h1:GQGT5Z3TBuAQGvgPfhR7VPySu/SudxmEkRq9BgzFU6s=
+go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4=
+go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA=
+go.etcd.io/etcd/client/v2 v2.305.13 h1:RWfV1SX5jTU0lbCvpVQe3iPQeAHETWdOTb6pxhd77C8=
+go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg=
go.etcd.io/etcd/client/v3 v3.5.5/go.mod h1:aApjR4WGlSumpnJ2kloS75h6aHUmAyaPLjHMxpc7E7c=
go.etcd.io/etcd/client/v3 v3.5.7 h1:u/OhpiuCgYY8awOHlhIhmGIGpxfBU/GZBUP3m/3/Iz4=
go.etcd.io/etcd/client/v3 v3.5.7/go.mod h1:sOWmj9DZUMyAngS7QQwCyAXXAL6WhgTOPLNS/NabQgw=
+go.etcd.io/etcd/client/v3 v3.5.10 h1:W9TXNZ+oB3MCd/8UjxHTWK5J9Nquw9fQBLJd5ne5/Ao=
+go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc=
+go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg=
+go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk=
go.etcd.io/etcd/pkg/v3 v3.5.5/go.mod h1:6ksYFxttiUGzC2uxyqiyOEvhAiD0tuIqSZkX3TyPdaE=
go.etcd.io/etcd/pkg/v3 v3.5.7 h1:obOzeVwerFwZ9trMWapU/VjDcYUJb5OfgC1zqEGWO/0=
go.etcd.io/etcd/pkg/v3 v3.5.7/go.mod h1:kcOfWt3Ov9zgYdOiJ/o1Y9zFfLhQjylTgL4Lru8opRo=
+go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM=
+go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs=
+go.etcd.io/etcd/pkg/v3 v3.5.13 h1:st9bDWNsKkBNpP4PR1MvM/9NqUPfvYZx/YXegsYEH8M=
+go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0=
go.etcd.io/etcd/raft/v3 v3.5.5/go.mod h1:76TA48q03g1y1VpTue92jZLr9lIHKUNcYdZOOGyx8rI=
go.etcd.io/etcd/raft/v3 v3.5.7 h1:aN79qxLmV3SvIq84aNTliYGmjwsW6NqJSnqmI1HLJKc=
go.etcd.io/etcd/raft/v3 v3.5.7/go.mod h1:TflkAb/8Uy6JFBxcRaH2Fr6Slm9mCPVdI2efzxY96yU=
+go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA=
+go.etcd.io/etcd/raft/v3 v3.5.10/go.mod h1:odD6kr8XQXTy9oQnyMPBOr0TVe+gT0neQhElQ6jbGRc=
+go.etcd.io/etcd/raft/v3 v3.5.13 h1:7r/NKAOups1YnKcfro2RvGGo2PTuizF/xh26Z2CTAzA=
+go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw=
go.etcd.io/etcd/server/v3 v3.5.5/go.mod h1:rZ95vDw/jrvsbj9XpTqPrTAB9/kzchVdhRirySPkUBc=
go.etcd.io/etcd/server/v3 v3.5.7 h1:BTBD8IJUV7YFgsczZMHhMTS67XuA4KpRquL0MFOJGRk=
go.etcd.io/etcd/server/v3 v3.5.7/go.mod h1:gxBgT84issUVBRpZ3XkW1T55NjOb4vZZRI4wVvNhf4A=
+go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg=
+go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo=
+go.etcd.io/etcd/server/v3 v3.5.13 h1:V6KG+yMfMSqWt+lGnhFpP5z5dRUj1BDRJ5k1fQ9DFok=
+go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ=
+go.etcd.io/gofail v0.1.0 h1:XItAMIhOojXFQMgrxjnd2EIIHun/d5qL0Pf7FzVTkFg=
+go.etcd.io/gofail v0.1.0/go.mod h1:VZBCXYGZhHAinaBiiqYvuDynvahNsAyLFwB3kEHKz1M=
go.mongodb.org/mongo-driver v1.5.1 h1:9nOVLGDfOaZ9R0tBumx/BcuqkbFpyTCU2r/Po7A2azI=
go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw=
go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
@@ -1566,15 +2884,39 @@ go.opentelemetry.io/collector/semconv v0.81.0/go.mod h1:TlYPtzvsXyHOgr5eATi43qEM
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.25.0/go.mod h1:E5NNboN0UqSAki0Atn9kVwaN7I+l25gGxDqBueo/74E=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 h1:xFSRQBbXF6VvYRf2lqMJXxoB72XI1K/azav8TekHHSw=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0/go.mod h1:h8TWwRAhQpOd0aM5nYsRD8+flnkj+526GEIVlarH7eY=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 h1:sxoY9kG1s1WpSYNyzm24rlwH4lnRYFXUVVBmKMBfRgw=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1/go.mod h1:9NiG9I2aHTKkcxqCILhjtyNA1QEiCjdBACv4IvrFQ+c=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0/go.mod h1:XiYsayHc36K3EByOO6nbAXnAWbrUxdjUROCEeeROOH8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
go.opentelemetry.io/otel v1.0.1/go.mod h1:OPEOD4jIT2SlZPMmwT6FqZz2C0ZNdQqiWcoK6M0SNFU=
go.opentelemetry.io/otel v1.8.0/go.mod h1:2pkj+iMj0o03Y+cW6/m8Y4WkRdYN3AvCXCnzRMp9yvM=
go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4=
go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ=
go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
+go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0 h1:TaB+1rQhddO1sF71MpZOZAuSPW1klK2M8XxfrBMfK7Y=
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY=
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0/go.mod h1:vLarbg68dH2Wa77g71zmKQqlQ8+8Rq3GRG31uc0WcWI=
@@ -1582,28 +2924,61 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.1/go.mod h1:Kv8liBeVNFkkk
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0 h1:pDDYmo0QadUPal5fwXoY1pmMpFcdyhXOmL5drCrI3vU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.10.0/go.mod h1:Krqnjl22jUJ0HgMzw5eveuCvFDXY4nSYb4F8t5gdrag=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0/go.mod h1:JgXSGah17croqhJfhByOLVY719k1emAXC8MVhCIJlRs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.1/go.mod h1:xOvWoTOrQjxjW61xtOmD/WKGRYb/P4NzRo3bs65U6Rk=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0 h1:KtiUEhQmj/Pa874bVYKGNVdq8NPKiacPbaRRtgXi+t4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.10.0/go.mod h1:OfUCyyIiDvNXHWpcWgbF+MWvqPZiNa3YDEnivcnYsV0=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0/go.mod h1:I33vtIe0sR96wfrUcilIzLoA3mLHhRmz9S9Te0S3gDo=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.16.0/go.mod h1:hGXzO5bhhSHZnKvrDaXB82Y9DRFour0Nz/KrBh7reWw=
go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs=
go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A=
go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE=
+go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
+go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
go.opentelemetry.io/otel/sdk v1.0.1/go.mod h1:HrdXne+BiwsOHYYkBE5ysIcv2bvdZstxzmCQhxTcZkI=
go.opentelemetry.io/otel/sdk v1.10.0 h1:jZ6K7sVn04kk/3DNUdJ4mqRlGDiXAVuIG+MMENpTNdY=
go.opentelemetry.io/otel/sdk v1.10.0/go.mod h1:vO06iKzD5baltJz1zarxMCNHFpUlUiOy4s65ECtn6kE=
go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
+go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
+go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
+go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
+go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A=
go.opentelemetry.io/otel/trace v1.0.1/go.mod h1:5g4i4fKLaX2BQpSBsxw8YYcgKpMMSW3x7ZTuYBr3sUk=
go.opentelemetry.io/otel/trace v1.8.0/go.mod h1:0Bt3PXY8w+3pheS3hQUt+wow8b1ojPaTBoTCh2zIFI4=
go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E=
go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM=
go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
+go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg=
+go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw=
go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
+go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8=
go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0=
@@ -1613,26 +2988,118 @@ go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
-golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
+golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
+golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/image v0.0.0-20220302094943-723b81ca9867 h1:TcHcE0vrmgzNH1v3ppjcMGbhG5+9fMuvOmUYwNEF4q4=
+golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028 h1:4+4C/Iv2U4fMZBiMCc98MG1In4gJY5YRhtpDNeDeHWs=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
@@ -1641,19 +3108,46 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
+golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec=
+golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200826173525-f9321e4c35a6/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1661,32 +3155,81 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808 h1:+Kc94D8UVEVxJnLXp/+FMfqQARZtWHfVrcRtcG8aT3g=
+golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
@@ -1694,31 +3237,66 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
-golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
+golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
+golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
+golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
+gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw=
+gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
+gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0=
+gonum.org/v1/gonum v0.11.0 h1:f1IJhK4Km5tBJmaiJXtk/PkL4cdVX6J+tGiM187uT5E=
+gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA=
gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e h1:jRyg0XfpwWlhEV8mDfdNGBeSJM2fuyh9Yjrnd8kF2Ts=
+gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
+gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY=
+gonum.org/v1/plot v0.10.1 h1:dnifSs43YJuNMDzB7v8wV64O4ABBHReuAVAoBxqBqS4=
+gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo=
google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
@@ -1732,17 +3310,61 @@ google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqiv
google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
google.golang.org/api v0.58.0/go.mod h1:cAbP2FsxoGVNwtgNAmmn3y5G1TWAiVYRmg4yku3lv+E=
google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
+google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
+google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
+google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
+google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
+google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
+google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
+google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
+google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
+google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g=
+google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
+google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw=
+google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI=
+google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
+google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
+google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
+google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08=
+google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70=
+google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo=
+google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0=
+google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
+google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
+google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
+google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI=
+google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0=
+google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
+google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E=
+google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
+google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4=
google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
+google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
+google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
+google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
+google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
+google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw=
+google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0=
+google.golang.org/api v0.164.0/go.mod h1:2OatzO7ZDQsoS7IFf3rvsE17/TldiU3F/zxFHeqUB5o=
+google.golang.org/api v0.166.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8 h1:Cpp2P6TPjujNoC5M2KHY6g7wfyLYfIWRZaSdIKfDasA=
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
@@ -1764,26 +3386,146 @@ google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ6
google.golang.org/genproto v0.0.0-20211016002631-37fc39342514/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE=
+google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
+google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
+google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
+google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
+google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
+google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo=
+google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw=
+google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI=
+google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI=
+google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U=
+google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
+google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
+google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
+google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
+google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
+google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
+google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA=
+google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw=
+google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw=
+google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA=
google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
+google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY=
google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk=
google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0=
+google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
google.golang.org/genproto v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:CCviP9RmpZ1mxVr8MUjCnSiY09IbAXZxhLE6EhHIdPU=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJk36UQhjQ89emUzb1mdaHcPeeAh4SCBKznB4=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:+Rvu7ElI+aLzyDQhpHMFMMltsD6m7nqpuWDd2CwJw3k=
+google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU=
+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8=
+google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q=
google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
+google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8=
+google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y=
+google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas=
+google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA=
google.golang.org/genproto/googleapis/bytestream v0.0.0-20231009173412-8bfb1ae86b6c h1:9tZedXBlwql0v/dLZx1E4Rcz9ESc8j1KZk71903wKEg=
google.golang.org/genproto/googleapis/bytestream v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:itlFWGBbEyD32PUeJsTG8h8Wz7iJXfVK4gt1EJ+pAG0=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405 h1:o4S3HvTUEXgRsNSUQsALDVog0O9F/U1JJlHmmUN8Uas=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20240304161311-37d4d3c04a78 h1:YqFWYZXim8bG9v68xU8WjTZmYKb5M5dMeSOWIp6jogI=
+google.golang.org/genproto/googleapis/bytestream v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:vh/N7795ftP0AkN1w8XKqN4w1OdUKXW5Eummda+ofv8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5/go.mod h1:zBEcrKX2ZOcEkHWxBPAIvYUWOKKMIhYcmNiUIu2ji3I=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
@@ -1791,24 +3533,46 @@ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
+google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 h1:M1YKkFIboKNieVO5DLUEVzQfGwJD30Nv2jfUgzb5UcE=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/airbrake/gobrake.v2 v2.0.9 h1:7z2uVWwn7oVeeugY1DtlPAy5H+KYgB1KeKTnqjNatLo=
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
gopkg.in/cheggaaa/pb.v1 v1.0.25 h1:Ev7yu1/f6+d+b3pi5vPdRPc6nNtP1umSfcWiEfRqv6I=
@@ -1817,37 +3581,86 @@ gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 h1:OAj3g0cR6Dx/R07QgQe8wkA9RNjB2u4i700xBkIT4e0=
gopkg.in/imdario/mergo.v0 v0.3.7 h1:QDotlIZtaO/p+Um0ok18HRTpq5i5/SAk/qprsor+9c8=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
+gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
+gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE=
gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI=
gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
helm.sh/helm/v3 v3.1.2 h1:VpNzaNv2DX4aRnOCcV7v5Of+XT2SZrJ8iOQ25AGKOos=
honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8=
+honnef.co/go/tools v0.1.3 h1:qTakTkI6ni6LFD5sBwwsdSO+AQqbSIxOauHTTQKZ/7o=
+honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
+k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
+k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
+k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
k8s.io/apiextensions-apiserver v0.26.5/go.mod h1:Olsde7ZNWnyz9rsL13iXYXmL1h7kWujtKeC3yWVCDPo=
+k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
+k8s.io/apiextensions-apiserver v0.27.6/go.mod h1:AVNlLYRrESG5Poo6ASRUhY2pvoKPcNt8y/IuZ4lx3o8=
+k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y=
+k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
+k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
k8s.io/apiserver v0.26.5/go.mod h1:OSbw98Y1bDSbA2izYIKqhi10vb4KWP9b4siiCRFkBVE=
k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
k8s.io/apiserver v0.27.6 h1:r/eHN8r3lG2buggHrVMy++kKhHlHn1HWSX1dqDtes54=
k8s.io/apiserver v0.27.6/go.mod h1:Xeo9OEXn2kDLK5pqspjdXQx7YKgDyKSpwIB4p0BmpAQ=
+k8s.io/apiserver v0.27.16 h1:s3+lMqISTj5l/ZH/BvhdbiMfIoTF3/lrAN99BHccLmk=
+k8s.io/apiserver v0.27.16/go.mod h1:xwxM8/bcAtgkWqbsGwMQjImIC5Jik7a4pHRptEDqQf0=
+k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M=
+k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY=
+k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
+k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
k8s.io/cli-runtime v0.17.3 h1:0ZlDdJgJBKsu77trRUynNiWsRuAvAVPBNaQfnt/1qtc=
+k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
+k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
+k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
k8s.io/code-generator v0.26.5/go.mod h1:iWTVFxfBX+RYe0bXjKqSM83KJF8eimor/izQInvq/60=
k8s.io/code-generator v0.27.1/go.mod h1:iWtpm0ZMG6Gc4daWfITDSIu+WFhFJArYDhj242zcbnY=
k8s.io/code-generator v0.27.2/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww=
k8s.io/code-generator v0.27.6 h1:1zkSDvylcA11s91aYg5U7fZ24EXMZ+KIDOj/Z3Ti4c8=
k8s.io/code-generator v0.27.6/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww=
+k8s.io/code-generator v0.27.16 h1:nDZ6TL+hyEczXIlts1WCz57F09zDC1Xs/UMg0X+QvY0=
+k8s.io/code-generator v0.27.16/go.mod h1:NmuMGweDQC7Ewx+c8zgbtVPLsy5r5Rs/+nQ7kuBwNbI=
+k8s.io/code-generator v0.30.0 h1:3VUVqHvWFSVSm9kqL/G6kD4ZwNdHF6J/jPyo3Jgjy3k=
+k8s.io/code-generator v0.30.0/go.mod h1:mBMZhfRR4IunJUh2+7LVmdcWwpouCH5+LNPkZ3t/v7Q=
+k8s.io/code-generator v0.31.0 h1:w607nrMi1KeDKB3/F/J4lIoOgAwc+gV9ZKew4XRfMp8=
+k8s.io/code-generator v0.31.0/go.mod h1:84y4w3es8rOJOUUP1rLsIiGlO1JuEaPFXQPA9e/K6U0=
k8s.io/component-base v0.26.5/go.mod h1:wvfNAS05EtKdPeUxFceo8WNh8bGPcFY8QfPhv5MYjA4=
+k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
+k8s.io/component-base v0.27.6/go.mod h1:NvjLtaneUeb0GgMPpCBF+4LNB9GuhDHi16uUTjBhQfU=
+k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o=
+k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ=
+k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
+k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 h1:iu3o/SxaHVI7tKPtkGzD3M9IzrE21j+CUKH98NQJ8Ms=
k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
+k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
+k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
+k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kms v0.26.5/go.mod h1:AYuV9ZebRhr6cb1eT9L6kZVxvgIUxmE1Fe6kPhqYvuc=
k8s.io/kms v0.27.2/go.mod h1:dahSqjI05J55Fo5qipzvHSRbm20d7llrSeQjjl86A7c=
k8s.io/kms v0.27.6 h1:0IWDsxoget7Gs4zzMAY+y7dwNaGvwlAvS2XQVuFECU0=
k8s.io/kms v0.27.6/go.mod h1:9YQuCFa+n88RWokHkl+4RHFQ9DATSip/ihBqxlDUBuw=
+k8s.io/kms v0.27.16 h1:Zso2+ixKQzz/N9b8q9MrFKHv2Fu7jb+0Zvu+iLWAUME=
+k8s.io/kms v0.27.16/go.mod h1:BQf/ALdGhPhqoc1q81A7WdWpjrZ6jCSfePCNecz1AW8=
+k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g=
+k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4=
+k8s.io/kms v0.31.0 h1:KchILPfB1ZE+ka7223mpU5zeFNkmb45jl7RHnlImUaI=
+k8s.io/kms v0.31.0/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
k8s.io/kube-aggregator v0.17.3 h1:U7U/XHnKwQlvFmsEE6ubpjF0Y4AVhKtXo+9I3d0L6rY=
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
@@ -1858,8 +3671,10 @@ k8s.io/metrics v0.17.3 h1:IqXkNK+5E3vnobFD923Mn1QJEt3fb6+sK0wIjtBzOvw=
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/caching v0.0.0-20220412163508-8b5c244b8182/go.mod h1:BFtnxIjI27VMV52u4vHhplij9j5PbQRXFlDMv7EMjbM=
knative.dev/caching v0.0.0-20231017130712-54d0758671ef h1:92Gn5HUcgMJ78mbSpkCfUxrCTHHZSnvjURk0YRCbUqo=
knative.dev/caching v0.0.0-20231017130712-54d0758671ef/go.mod h1:plGN+mIBKRtVxZ0vQeZ3Gt02RIaj0niwIMnQNkQHycw=
@@ -1867,31 +3682,101 @@ knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0
knative.dev/hack v0.0.0-20231016131700-2c938d4918da h1:xy+fvuz2LDOMsZ5UwXRaMF70NYUs9fsG+EF5/ierYBg=
knative.dev/hack v0.0.0-20231016131700-2c938d4918da/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/hack/schema v0.0.0-20210806075220-815cd312d65c h1:YqFCmijfROO3rzIO8u1EMKZXBwAFJMmIoTXcr6wdBy8=
+knative.dev/hack/schema v0.0.0-20231016131700-2c938d4918da h1:euBj0+2eY7BryoQe6aVg6R40dkbsGHULu6wjBsB3Vf8=
+knative.dev/hack/schema v0.0.0-20231016131700-2c938d4918da/go.mod h1:3pWwBLnTZSM9psSgCAvhKOHIPTzqfEMlWRpDu6IYhK0=
knative.dev/pkg v0.0.0-20230525143525-9bda38b21643 h1:DoGHeW3ckr509v87NcYSSuRHEnxKIxyJxWrrDO/71CY=
knative.dev/pkg v0.0.0-20230525143525-9bda38b21643/go.mod h1:dqC6IrvyBE7E+oZocs5PkVhq1G59pDTA7r8U17EAKMk=
knative.dev/reconciler-test v0.0.0-20210915181908-49fac7555086 h1:IAM7f2XCCfxwH9WODJ3+Puv0lrdK5IhqQloYaO4lfvg=
+knative.dev/reconciler-test v0.0.0-20231024072442-5fb93a792b99 h1:RyJ5EZ0XMhTn4CdjI355ceeZmjpPhz4edMu2XRC67bA=
+knative.dev/reconciler-test v0.0.0-20231024072442-5fb93a792b99/go.mod h1:ojrPzMaQ7FugThq5SAG3mF1+8/N6gM8b/gFM3kHUXJU=
+lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
+lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=
+lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
modernc.org/cc v1.0.0 h1:nPibNuDEx6tvYrUAtvDTTw98rx5juGsa5zuDnKwEEQQ=
+modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI=
+modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI=
+modernc.org/cc/v3 v3.36.3 h1:uISP3F66UlixxWEcKuIWERa4TwrZENHSL8tWxZz8bHg=
+modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI=
+modernc.org/cc/v3 v3.40.0 h1:P3g79IUS/93SYhtoeaHW+kRCIrYaxJ27MFPv+7kaTOw=
+modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc=
+modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw=
+modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ=
+modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ=
+modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws=
+modernc.org/ccgo/v3 v3.16.9 h1:AXquSwg7GuMk11pIdw7fmO1Y/ybgazVkMhsZWCV0mHM=
+modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo=
+modernc.org/ccgo/v3 v3.16.13 h1:Mkgdzl46i5F/CNR/Kj80Ri59hC8TKAhZrYSaqvkwzUw=
+modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
+modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
modernc.org/golex v1.0.0 h1:wWpDlbK8ejRfSyi0frMyhilD3JBvtcx2AdGDnU+JtsE=
+modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
+modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
+modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA=
+modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A=
+modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU=
+modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU=
+modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA=
+modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0=
+modernc.org/libc v1.17.1 h1:Q8/Cpi36V/QBfuQaFVeisEBs3WqoGAJprZzmf7TfEYI=
+modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s=
+modernc.org/libc v1.22.2 h1:4U7v51GyhlWqQmwCHj28Rdq2Yzwk55ovjFrdPjs8Hb0=
modernc.org/mathutil v1.0.0 h1:93vKjrJopTPrtTNpZ8XIovER7iCIH1QU7wNbOQXC60I=
+modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
+modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
+modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
+modernc.org/memory v1.2.1 h1:dkRh86wgmq/bJu2cAS2oqBCz/KsMZU7TUM4CibQ7eBs=
+modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
+modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
+modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sqlite v1.18.1 h1:ko32eKt3jf7eqIkCgPAeHMBXw3riNSLhl2f3loEF7o8=
+modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4=
+modernc.org/sqlite v1.18.2 h1:S2uFiaNPd/vTAP/4EmyY8Qe2Quzu26A2L1e25xRNTio=
modernc.org/strutil v1.0.0 h1:XVFtQwFVwc02Wk+0L/Z/zDDXO81r5Lhe6iMKmGX3KhE=
+modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw=
+modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
+modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
+modernc.org/tcl v1.13.1 h1:npxzTwFTZYM8ghWicVIX1cRWzj7Nd8i6AqqX2p+IYao=
+modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw=
+modernc.org/tcl v1.13.2 h1:5PQgL/29XkQ9wsEmmNPjzKs+7iPCaYqUJAhzPvQbjDA=
+modernc.org/token v1.0.0 h1:a0jaWiNMDhDUtqOj09wvjWWAqd3q7WpBulmL9H2egsk=
+modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
modernc.org/xc v1.0.0 h1:7ccXrupWZIS3twbUGrtKmHS2DXY6xegFua+6O3xgAFU=
+modernc.org/z v1.5.1 h1:RTNHdsrOpeoSeOF4FbzTo8gBYByaJ5xT7NgZ9ZqRiJM=
+modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8=
mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I=
mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo=
mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34 h1:duVSyluuJA+u0BnkcLR01smoLrGgDTfWt5c8ODYG8fU=
pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U=
+pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
rsc.io/letsencrypt v0.0.3 h1:H7xDfhkaFFSYEJlKeq38RwX2jYcnTeHuDQyT+mMNMwM=
+rsc.io/pdf v0.1.1 h1:k1MczvYDUvJBe93bYd7wrZLLUEcLZAuF824/I4e5Xr4=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0 h1:9JKUTTIUgS6kzR9mK1YuGKv6Nl+DijDNIc0ghT58FaY=
rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.37/go.mod h1:vfnxT4FXNT8eGvO+xi/DsyC/qHmdujqwrUa1WSspCsk=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
+sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q=
+sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw=
sigs.k8s.io/controller-tools v0.2.4 h1:la1h46EzElvWefWLqfsXrnsO3lZjpkI0asTpX6h8PLA=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
sigs.k8s.io/structured-merge-diff v1.0.2 h1:WiMoyniAVAYm03w+ImfF9IE2G23GLR/SwDnQyaNZvPk=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4 h1:JPJh2pk3+X4lXAkZIk2RuE/7/FoK9maXw+TNPJhVS/c=
vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc h1:MksmcCZQWAQJCTA5T0jgI/0sJ51AVm4Z41MrmfczEoc=
diff --git a/packages/sonataflow-operator/hack/addheaders.sh b/packages/sonataflow-operator/hack/addheaders.sh
index 173bc28d59d..d15b682e3e6 100755
--- a/packages/sonataflow-operator/hack/addheaders.sh
+++ b/packages/sonataflow-operator/hack/addheaders.sh
@@ -17,10 +17,11 @@
# specific language governing permissions and limitations
# under the License.
if ! hash addlicense 2>/dev/null; then
- go install -modcacherw github.com/google/addlicense@latest
+ go install "github.com/google/addlicense@${version}"
# shellcheck disable=SC2035
-addlicense -f=hack/license-header.txt -ignore=test/samples/*.yaml -ignore=container-builder/examples/**/*.yaml hack api controllers utils test container-builder workflowproj bundle config ./operator.yaml
+addlicense -f=hack/license-header.txt -ignore=test/samples/*.yaml -ignore=container-builder/examples/**/*.yaml api bundle cmd config container-builder env hack images internal log test utils version workflowproj ./operator.yaml
diff --git a/packages/sonataflow-operator/hack/boilerplate.go.txt b/packages/sonataflow-operator/hack/boilerplate.go.txt
index 99ad906f25d..e3f5ab3c3d0 100644
--- a/packages/sonataflow-operator/hack/boilerplate.go.txt
+++ b/packages/sonataflow-operator/hack/boilerplate.go.txt
@@ -1,14 +1,18 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/bump-version.sh b/packages/sonataflow-operator/hack/bump-version.sh
index 1db411598a8..ffc95cef13a 100755
--- a/packages/sonataflow-operator/hack/bump-version.sh
+++ b/packages/sonataflow-operator/hack/bump-version.sh
@@ -23,12 +23,16 @@ set -e
script_dir_path=$(dirname "${BASH_SOURCE[0]}")
source "${script_dir_path}"/env.sh
-imageName=$(pnpm build-env sontaflowOperator.registry)/$(pnpm build-env sontaflowOperator.account)/$(pnpm build-env sontaflowOperator.name)
-imageTag=$(pnpm build-env sontaflowOperator.buildTag)
-version=$(pnpm build-env sontaflowOperator.version)
+imageName=$(pnpm build-env sonataFlowOperator.registry)/$(pnpm build-env sonataFlowOperator.account)/$(pnpm build-env sonataFlowOperator.name)
+imageTag=$(pnpm build-env sonataFlowOperator.buildTag)
+version=$(pnpm build-env sonataFlowOperator.version)
-targetSonataflowBuilderImage=$(pnpm build-env sontaflowOperator.sonataflowBuilderImage)
-targetSonataflowDevModeImage=$(pnpm build-env sontaflowOperator.sonataflowDevModeImage)
+targetSonataflowBuilderImage=$(pnpm build-env sonataFlowOperator.sonataflowBuilderImage)
+targetSonataflowDevModeImage=$(pnpm build-env sonataFlowOperator.sonataflowDevModeImage)
+targetKogitoDataIndexEphemeralImage=$(pnpm build-env sonataFlowOperator.kogitoDataIndexEphemeralImage)
+targetKogitoDataIndexPostgresqlImage=$(pnpm build-env sonataFlowOperator.kogitoDataIndexPostgresqlImage)
+targetKogitoJobsServiceEphemeralImage=$(pnpm build-env sonataFlowOperator.kogitoJobsServiceEphemeralImage)
+targetKogitoJobsServicePostgresqlImage=$(pnpm build-env sonataFlowOperator.kogitoJobsServicePostgresqlImage)
if [ -z "${version}" ]; then
echo "Please inform the new version"
@@ -41,11 +45,6 @@ targetSonataflowOperatorImage="${imageName}:${imageTag}"
echo "Set new version to ${version} (majorMinor = ${newMajorMinorVersion}, imageName:imageTag = ${targetSonataflowOperatorImage})"
-node -p "require('replace-in-file').sync({ from: /\bVERSION\ \?=.*\b/g, to: 'VERSION ?= ${version}', files: ['./Makefile'] });"
-node -p "require('replace-in-file').sync({ from: /\bREDUCED_VERSION\ \?=.*\b/g, to: 'REDUCED_VERSION ?= ${newMajorMinorVersion}', files: ['./Makefile'] });"
-node -p "require('replace-in-file').sync({ from: /\bIMAGE_TAG\ \?=.*\b/g, to: 'IMAGE_TAG ?= ${imageTag}', files: ['./Makefile'] });"
-node -p "require('replace-in-file').sync({ from: /\bIMAGE_TAG_BASE\ \?=.*\b/g, to: 'IMAGE_TAG_BASE ?= ${imageName}', files: ['./Makefile'] });"
node -p "require('replace-in-file').sync({ from: /\bnewTag:.*\b/g, to: 'newTag: ${version}', files: ['./config/manager/kustomization.yaml'] });"
node -p "require('replace-in-file').sync({ from: /\bnewName:.*\b/g, to: 'newName: ${imageName}', files: ['./config/manager/kustomization.yaml'] });"
@@ -56,14 +55,19 @@ node -p "require('replace-in-file').sync({ from: /\bversion: .*\b/g, to: 'versio
node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-sonataflow-builder:[\w\.]*/g, to: '${targetSonataflowBuilderImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-sonataflow-devmode:[\w\.]*/g, to: '${targetSonataflowDevModeImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-sonataflow-operator:[\w\.]*/g, to: '${targetSonataflowOperatorImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
+node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-kogito-data-index-ephemeral:[\w\.]*/g, to: '${targetKogitoDataIndexEphemeralImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
+node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-kogito-data-index-postgresql:[\w\.]*/g, to: '${targetKogitoDataIndexPostgresqlImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
+node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-kogito-jobs-service-ephemeral:[\w\.]*/g, to: '${targetKogitoJobsServiceEphemeralImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
+node -p "require('replace-in-file').sync({ from: /docker\.io\/apache\/incubator-kie-kogito-jobs-service-postgresql:[\w\.]*/g, to: '${targetKogitoJobsServicePostgresqlImage}', files: ['**/*.yaml', '**/*.containerfile', '**/*.dockerfile', '**/*Dockerfile', '**/*.go'] });"
node -p "require('replace-in-file').sync({ from: /sonataflow-operator-system\/sonataflow-operator:[\w\.]*/g, to: 'sonataflow-operator-system/sonataflow-operator:${imageTag}', files: ['**/*.yaml'] });"
-node -p "require('replace-in-file').sync({ from: /\bOperatorVersion = .*/g, to: 'OperatorVersion = \"${version}\"', files: ['version/version.go'] });"
+node -p "require('replace-in-file').sync({ from: /\boperatorVersion = .*/g, to: 'operatorVersion = \"${version}\"', files: ['version/version.go'] });"
node -p "require('replace-in-file').sync({ from: /\btagVersion = .*/g, to: 'tagVersion = \"${imageTag}\"', files: ['version/version.go'] });"
-node -p "require('replace-in-file').sync({ from: /\bkogitoImagesTagVersion = .*/g, to: 'kogitoImagesTagVersion = \"${imageTag}\"', files: ['version/version.go'] });"
node -p "require('replace-in-file').sync({ from: /\bcontainerImage:.*\b/g, to: 'containerImage: ${targetSonataflowOperatorImage}', files: ['$(getCsvFile)'] });"
make generate-all
make vet
-echo "Version bumped to ${new_version}"
+echo "Version bumped to ${version}"
diff --git a/packages/sonataflow-operator/hack/ci/install-minikube.sh b/packages/sonataflow-operator/hack/ci/install-minikube.sh
deleted file mode 100755
index bd4a9151da9..00000000000
--- a/packages/sonataflow-operator/hack/ci/install-minikube.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-set -e
-if [[ -z ${MINIKUBE_VERSION} ]]; then
- MINIKUBE_VERSION=$default_minikube_version
-echo "---> Minikube version to install is ${MINIKUBE_VERSION}"
-# get the arch and os
-arch=$(uname -m)
-case $(uname -m) in
-"x86_64") arch="amd64" ;;
-"aarch64") arch="arm64" ;;
-os=$(uname | awk '{print tolower($0)}')
-if [ -e "${download_path}/minikube-${os}-${arch}" ]; then
- echo "---> Minikube ${MINIKUBE_VERSION} (OS ${os} Architecture ${arch}) already exists in '${download_path}', skipping downloading"
- mkdir -p "${download_path}"
- cd "${download_path}"
- echo "---> Downloading minikube ${MINIKUBE_VERSION} (OS ${os} Architecture ${arch}) to ${download_path}"
- curl -LO "https://storage.googleapis.com/minikube/releases/${MINIKUBE_VERSION}/minikube-${os}-${arch}"
- cd -
-if [ -z "${install_path}" ]; then
- install_path="${HOME}/runner/bin"
- [[ "${os}" == "darwin" ]]; install_path="${HOME}/runner/bin"
-echo "---> Ensuring minikube installation at ${install_path}"
-mkdir -p "${install_path}"
-chmod +x "${install_path}"
-cp "${download_path}/minikube-${os}-${arch}" "${install_path}/minikube"
diff --git a/packages/sonataflow-operator/hack/clean-cluster-operators.sh b/packages/sonataflow-operator/hack/clean-cluster-operators.sh
deleted file mode 100755
index 78330bedb79..00000000000
--- a/packages/sonataflow-operator/hack/clean-cluster-operators.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-script_dir_path=`dirname "${BASH_SOURCE[0]}"`
-source ${script_dir_path}/env.sh
-function clean_installed_operators() {
- echo "--- Clean installplans in $1"
- get_and_clean_resources $1 'installplans.operators.coreos.com'
- echo "--- Clean subscriptions in $1"
- get_and_clean_resources $1 'subscriptions.operators.coreos.com'
- echo "--- Clean clusterserviceversions in $1"
- get_and_clean_resources $1 'clusterserviceversions.operators.coreos.com'
-clean_installed_operators 'openshift-operators'
-clean_installed_operators 'operators'
diff --git a/packages/sonataflow-operator/hack/clean-crds.sh b/packages/sonataflow-operator/hack/clean-crds.sh
deleted file mode 100755
index 722e52568fb..00000000000
--- a/packages/sonataflow-operator/hack/clean-crds.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-script_dir_path=`dirname "${BASH_SOURCE[0]}"`
-source ${script_dir_path}/env.sh
-clean_cluster_resources 'crds' "$(getAllDependentCrds)"
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/clean-stuck-namespaces.sh b/packages/sonataflow-operator/hack/clean-stuck-namespaces.sh
deleted file mode 100755
index 67509b621d9..00000000000
--- a/packages/sonataflow-operator/hack/clean-stuck-namespaces.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-script_dir_path=`dirname "${BASH_SOURCE[0]}"`
-source ${script_dir_path}/env.sh
-DIR=$(mktemp -d)
-oc get namespaces | grep "Terminating" | awk -F " " '{print $1}' > ${DIR}/projects
-while read project
- echo "Stuck project ${project}"
- for resource in $(getAllDependentCrds all)
- do
- oc get $resource -n "${project}" | grep -v "NAME" | awk -F " " '{print $1}' > ${DIR}/$resource-instances
- while read instance
- do
- echo "Remove finalizer from $resource ${instance} from project ${project}"
- oc patch $resource ${instance} -n ${project} -p '{"metadata":{"finalizers":[]}}' --type=merge
- done < ${DIR}/$resource-instances
- rm ${DIR}/$resource-instances
- done
-done < ${DIR}/projects
-echo "Projects deleted:"
-cat ${DIR}/projects
-# Cleanup
-rm ${DIR}/projects
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/ci/create-kind-cluster-with-registry.sh b/packages/sonataflow-operator/hack/create-kind-cluster-with-registry.sh
similarity index 78%
rename from packages/sonataflow-operator/hack/ci/create-kind-cluster-with-registry.sh
rename to packages/sonataflow-operator/hack/create-kind-cluster-with-registry.sh
index 56003baf501..03170e7cf39 100755
--- a/packages/sonataflow-operator/hack/ci/create-kind-cluster-with-registry.sh
+++ b/packages/sonataflow-operator/hack/create-kind-cluster-with-registry.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -16,10 +15,11 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -o errexit
@@ -35,6 +35,21 @@ reg_port='5001'
cat < /dev/null;
- echo "brew command not available in the system, please install brewkoji package"
- exit 1
-if [ $# -eq 0 ];
- echo "$0: Missing the OpenShift Serverless Logic version input"
- exit 1
-for brewPackageName in ${imagesBrewPackageName[@]}; do
- echo "Finding latest Brew build for package ${brewPackageName}"
- brewBuild=$(brew latest-build ${brewTag} ${brewPackageName} | tail -n1 | cut -d ' ' -f1)
- echo "Found Brew build: ${brewBuild}"
- imageSha=$(brew buildinfo "${brewBuild}" | awk -F'Extra: ' '{print $2}' | tr \' \" | sed 's|False|\"false\"|g' | sed 's|True|\"true\"|g' | sed 's|None|\"\"|g' | jq -r '.image.index.pull[0]'| cut -d "@" -f2)
- echo "Image sha: ${imageSha}"
- echo "---"
diff --git a/packages/sonataflow-operator/hack/go-path.sh b/packages/sonataflow-operator/hack/go-path.sh
index b4d9e42a8d0..56066af80a0 100755
--- a/packages/sonataflow-operator/hack/go-path.sh
+++ b/packages/sonataflow-operator/hack/go-path.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# enforce GOROOT
# shellcheck disable=SC2155
diff --git a/packages/sonataflow-operator/hack/goimports.sh b/packages/sonataflow-operator/hack/goimports.sh
index c50bc91d752..104ea95265d 100755
--- a/packages/sonataflow-operator/hack/goimports.sh
+++ b/packages/sonataflow-operator/hack/goimports.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,9 +15,10 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source ./hack/go-path.sh
-command -v goimports >/dev/null || go install -modcacherw golang.org/x/tools/cmd/goimports@latest
-goimports -local github.com/kiegroup -l -w .
\ No newline at end of file
+command -v goimports >/dev/null || go install "golang.org/x/tools/cmd/goimports@${version}"
+goimports -local github.com/apache -l -w .
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/ci/install-operator-sdk.sh b/packages/sonataflow-operator/hack/install-operator-sdk.sh
similarity index 96%
rename from packages/sonataflow-operator/hack/ci/install-operator-sdk.sh
rename to packages/sonataflow-operator/hack/install-operator-sdk.sh
index 2e72a1aa960..2aeba0ca356 100755
--- a/packages/sonataflow-operator/hack/ci/install-operator-sdk.sh
+++ b/packages/sonataflow-operator/hack/install-operator-sdk.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,11 +15,9 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -e
if [[ -z ${OPERATOR_SDK_VERSION} ]]; then
diff --git a/packages/sonataflow-operator/hack/kube-utils.sh b/packages/sonataflow-operator/hack/kube-utils.sh
deleted file mode 100755
index 4acc2f5c37f..00000000000
--- a/packages/sonataflow-operator/hack/kube-utils.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-getKubeSystemPodStatusConditions() {
- kubectl get pods $1 -n kube-system -o json | jq '.items[].status.conditions[]'
-getKubeSystemPodReadyStatus() {
- echo $(kubectl get pods $1 -n kube-system -o json | jq -r '.items[].status.conditions[] | select(.type == "Ready") | .status')
-waitKubeSystemForPodReady() {
- local selector=${1}
- local timeout_time=${2:-60s}
- export -f getKubeSystemPodStatusConditions
- export -f getKubeSystemPodReadyStatus
- echo "Wait for Kube System pod with selector '${selector}' and timeout ${timeout_time}"
- timeout ${timeout_time} bash -c "getKubeSystemPodStatusConditions '${selector}' && while [[ \"$(getKubeSystemPodReadyStatus "${selector}")\" != "True" ]] ; do sleep 2 && getKubeSystemPodStatusConditions '${selector}'; done"
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/license-header.txt b/packages/sonataflow-operator/hack/license-header.txt
index 90705e02e05..60b675e3101 100644
--- a/packages/sonataflow-operator/hack/license-header.txt
+++ b/packages/sonataflow-operator/hack/license-header.txt
@@ -13,4 +13,4 @@ software distributed under the License is distributed on an
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
-under the License.
\ No newline at end of file
+under the License.
diff --git a/packages/sonataflow-operator/hack/local/build-simple-workflow.sh b/packages/sonataflow-operator/hack/local/build-simple-workflow.sh
deleted file mode 100755
index 9ddb4dcc349..00000000000
--- a/packages/sonataflow-operator/hack/local/build-simple-workflow.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-rm -rf /tmp/simpleworkflow
-mkdir -p /tmp/simpleworkflow
-cp ./config/manager/sonataflow_builder_dockerfile.yaml /tmp/simpleworkflow/Dockerfile
-cp ./workflowproj/testdata/workflows/workflow-minimal.sw.json /tmp/simpleworkflow/workflow-minimal.sw.json
-docker build -t docker.io/apache/incubator-kie-sonataflow-minimal-example:latest /tmp/simpleworkflow/
diff --git a/packages/sonataflow-operator/hack/local/greeting_example_deploy.sh b/packages/sonataflow-operator/hack/local/greeting_example_deploy.sh
deleted file mode 100755
index cb1c4072c43..00000000000
--- a/packages/sonataflow-operator/hack/local/greeting_example_deploy.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-if [ -z "${registry}" ]; then
- registry="docker.io/${USERNAME}"
- echo "No registry given. Setting up default."
-echo "Using registry '${registry}'"
-echo "Using image '${img}'"
-kubectl create namespace sonataflow
-kubectl create secret generic regcred --from-file=.dockerconfigjson=${HOME}/.docker/config.json --type=kubernetes.io/dockerconfigjson -n sonataflow
-# make sure cekit is installed: https://docs.cekit.io/en/latest/handbook/installation/instructions.html
-make container-build BUILDER=docker IMG="${img}"
-make deploy IMG="${img}"
-# shellcheck disable=SC2002
-cat config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml | sed "s|address: .*|address: ${registry}|g" | kubectl apply -n sonataflow -f -
-sleep 10
-kubectl apply -f config/samples/sonataflow.org_v1alpha08_sonataflowplatform.yaml -n sonataflow
diff --git a/packages/sonataflow-operator/hack/local/greeting_example_remove.sh b/packages/sonataflow-operator/hack/local/greeting_example_remove.sh
deleted file mode 100755
index fbe74a06260..00000000000
--- a/packages/sonataflow-operator/hack/local/greeting_example_remove.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-kubectl delete -f config/samples/sonataflow.org_v1alpha08_sonataflow.yaml -n sonataflow
-if [ "${remove_operator}" = '-A' ] || [ "${remove_operator}" = '--all' ]; then
- echo 'Removing the operator from the cluster'
- kubectl delete namespace sonataflow
- make undeploy
\ No newline at end of file
diff --git a/packages/sonataflow-operator/hack/local/run-e2e-crc.sh b/packages/sonataflow-operator/hack/local/run-e2e-crc.sh
index 819d22f3804..c421f797106 100755
--- a/packages/sonataflow-operator/hack/local/run-e2e-crc.sh
+++ b/packages/sonataflow-operator/hack/local/run-e2e-crc.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# runs the e2e locally on crc
@@ -24,7 +22,7 @@ oc registry login --insecure=true
docker login -u $(oc whoami) -p $(oc whoami -t) default-route-openshift-image-registry.apps-crc.testing
oc new-project "${NAMESPACE}"
-export OPERATOR_IMAGE_NAME=default-route-openshift-image-registry.apps-crc.testing/"${NAMESPACE}"/sonataflow-operator:"$(pnpm build-env rootEnv.env.root.streamName)"
+export OPERATOR_IMAGE_NAME=default-route-openshift-image-registry.apps-crc.testing/"${NAMESPACE}"/sonataflow-operator:latest
if ! make container-build BUILDER=docker IMG="${OPERATOR_IMAGE_NAME}"; then
echo "Failure: Failed to build image, exiting " >&2
exit 1
diff --git a/packages/sonataflow-operator/hack/local/run-e2e.sh b/packages/sonataflow-operator/hack/local/run-e2e.sh
index 41966ee6716..945186133c6 100755
--- a/packages/sonataflow-operator/hack/local/run-e2e.sh
+++ b/packages/sonataflow-operator/hack/local/run-e2e.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,24 +15,61 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# runs the e2e locally
# You must have minikube installed
-echo "Using minikube profile ${MINIKUBE_PROFILE}"
-export OPERATOR_IMAGE_NAME=localhost/sonataflow-operator:0.0.1
+TEST_LABELS=${3:-"flows-ephemeral"} # possible values are flows-ephemeral, flows-persistence, platform, cluster
-# clean up previous runs
-kubectl get namespaces -o name | awk -F/ '/^namespace\/test/ {print $2}' | xargs kubectl delete namespace
-make undeploy ignore-not-found=true
-make deploy IMG="${OPERATOR_IMAGE_NAME}"
+# Emoticons and enhanced messages
+echo "🚀 Using minikube profile ${MINIKUBE_PROFILE}"
+export OPERATOR_IMAGE_NAME=localhost/kogito-serverless-operator:0.0.1
+# Check if the minikube registry addon is enabled
+if ! minikube addons list | grep -q "registry.*enabled"; then
+ echo "🔌 Enabling minikube registry addon..."
+ minikube addons enable registry
+ echo "✅ Minikube registry addon is already enabled."
+# clean up previous runs, hiding logs
+echo "🧹 Cleaning up previous test namespaces..."
+kubectl get namespaces -o name | awk -F/ '/^namespace\/test/ {print $2}' | xargs kubectl delete namespace &> /dev/null
+if [ "${SKIP_UNDEPLOY}" = false ]; then
+ echo "🧹 Cleaning up previous test resources namespace..."
+ kubectl delete namespace e2e-resources &> /dev/null
+ echo "🧹 Undeploying previous instances..."
+ make undeploy ignore-not-found=true &> /dev/null
-eval "$(minikube -p "${MINIKUBE_PROFILE}" docker-env)"
-if ! make container-build BUILDER=docker IMG="${OPERATOR_IMAGE_NAME}"; then
- echo "Failure: Failed to build image, exiting " >&2
- exit 1
+# Image build process
+if [ "${SKIP_IMG_BUILD}" = "false" ]; then
+ # Check if cekit is available
+ if ! command -v cekit &> /dev/null; then
+ echo "❌ cekit command not found. Please install cekit before proceeding." >&2
+ exit 1
+ fi
+ echo "📦 Installing required Python packages for cekit..."
+ if ! pip install -r ./images/requirements.txt &> /dev/null; then
+ echo "❌ Failed to install required Python packages. Please check your requirements file." >&2
+ exit 1
+ fi
+ echo "🔨 Building operator image..."
+ eval "$(minikube -p "${MINIKUBE_PROFILE}" docker-env)"
+ if ! make container-build BUILDER=docker IMG="${OPERATOR_IMAGE_NAME}" ; then
+ echo "❌ Failure: Failed to build image, exiting." >&2
+ exit 1
+ fi
+ echo "⏩ Skipping operator image build..."
-make deploy IMG="${OPERATOR_IMAGE_NAME}"
-make test-e2e
+# Deploy and run tests, keeping logs visible for tests only
+echo "🚀 Deploying operator..."
+make deploy IMG="${OPERATOR_IMAGE_NAME}" &> /dev/null
+echo "🧪 Running e2e tests with label ${TEST_LABELS}..."
+make test-e2e label="${TEST_LABELS}"
diff --git a/packages/sonataflow-operator/hack/local/run-operator.sh b/packages/sonataflow-operator/hack/local/run-operator.sh
index e31651d5e8e..8b57477c01a 100755
--- a/packages/sonataflow-operator/hack/local/run-operator.sh
+++ b/packages/sonataflow-operator/hack/local/run-operator.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,9 +15,11 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Runs the operator locally via go main
+POD_NAMESPACE=$(kubectl config view --minify | grep namespace | cut -d" " -f6)
kubectl delete --ignore-not-found=true -f ./bundle/manifests/sonataflow.org_sonataflowclusterplatforms.yaml
kubectl delete --ignore-not-found=true -f ./bundle/manifests/sonataflow.org_sonataflowplatforms.yaml
diff --git a/packages/sonataflow-operator/images/bundle.yaml b/packages/sonataflow-operator/images/bundle.yaml
index ce20008ca2a..8681e732d98 100644
--- a/packages/sonataflow-operator/images/bundle.yaml
+++ b/packages/sonataflow-operator/images/bundle.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,12 +14,11 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
schema_version: 1
name: "sonataflow-operator-bundle"
description: "SonataFlow Operator Bundle"
-version: 0.0.0
+version: 0.0.0"
from: "scratch"
@@ -47,7 +45,7 @@ labels:
- name: operators.operatorframework.io.metrics.mediatype.v1
value: metrics+v1
- name: operators.operatorframework.io.metrics.builder
- value: operator-sdk-v1.25.0
+ value: operator-sdk-v1.35.0
- name: operators.operatorframework.io.metrics.project_layout
value: go.kubebuilder.io/v3
- name: operators.operatorframework.io.test.config.v1
diff --git a/packages/sonataflow-operator/images/manager.yaml b/packages/sonataflow-operator/images/manager.yaml
index e3d0fafca84..bf89d56a31c 100644
--- a/packages/sonataflow-operator/images/manager.yaml
+++ b/packages/sonataflow-operator/images/manager.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,11 +14,10 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
- name: operator-builder
- version: 0.0.0
- from: "golang:1.21.6"
+ version: 0.0.0"
+ from: "golang:1.22"
description: Builder Image for the Operator
@@ -35,7 +33,7 @@
- name: sonataflow-operator
version: 0.0.0
- from: "registry.access.redhat.com/ubi9/ubi-micro:9.3-9"
+ from: "registry.access.redhat.com/ubi9/ubi-micro:9.5-1731519709"
description: Runtime Image for the Operator
diff --git a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.bundle/module.yaml b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.bundle/module.yaml
index 7a8fa6e1fec..a5ddd386880 100644
--- a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.bundle/module.yaml
+++ b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.bundle/module.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,10 +14,9 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: org.apache.kie.sonataflow.bundle
-version: "1.0"
+version: "main"
description: Copy the bundle files to the target image
diff --git a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/install.sh b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/install.sh
index dfa12d28413..e2d36e4f6ef 100755
--- a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/install.sh
+++ b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/install.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,8 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -e
cd /workspace
go mod download
\ No newline at end of file
diff --git a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/module.yaml b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/module.yaml
index 149367ba37d..fa19a6838b4 100644
--- a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/module.yaml
+++ b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.goModDownload/module.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,10 +14,9 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: org.apache.kie.sonataflow.goModDownload
-version: "1.0"
+version: "main"
description: Download and cache the modules
- name: gomod
diff --git a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/install.sh b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/install.sh
index 4e0a594ec86..fac64ed1c12 100644
--- a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/install.sh
+++ b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/install.sh
@@ -1,5 +1,4 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -8,7 +7,7 @@
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
@@ -16,9 +15,7 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -e
cd /workspace
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags=-buildid= -a -o manager main.go;
\ No newline at end of file
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags=-buildid= -a -o manager cmd/main.go;
\ No newline at end of file
diff --git a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/module.yaml b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/module.yaml
index 3e020c63131..95f3252a510 100644
--- a/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/module.yaml
+++ b/packages/sonataflow-operator/images/modules/org.apache.kie.sonataflow.operatorBuilder/module.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,21 +14,20 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: org.apache.kie.sonataflow.operatorBuilder
-version: "1.0"
+version: "main"
description: Builds the operator binary
- name: main
- path: "../../../../main.go"
+ path: "../../../../cmd/main.go"
target: "main.go"
- dest: /workspace/
+ dest: /workspace/cmd
- name: controllers
- path: "../../../../controllers"
- dest: /workspace/controllers
+ path: "../../../../internal/controller"
+ dest: /workspace/internal/controller
- name: version
path: "../../../../version"
diff --git a/packages/sonataflow-operator/images/requirements.txt b/packages/sonataflow-operator/images/requirements.txt
index c0ed2e16a76..4379d7c9cb9 100644
--- a/packages/sonataflow-operator/images/requirements.txt
+++ b/packages/sonataflow-operator/images/requirements.txt
@@ -1,10 +1,21 @@
-# Requirements for cekit 4.12.0 build
+# Requirements for cekit 4.11.0 build
# see: https://pip.pypa.io/en/stable/reference/requirements-file-format/
-cekit == 4.11.0
diff --git a/packages/sonataflow-operator/install.js b/packages/sonataflow-operator/install.js
index 86521e71e5b..cd9c5c35ecb 100644
--- a/packages/sonataflow-operator/install.js
+++ b/packages/sonataflow-operator/install.js
@@ -21,25 +21,55 @@ const fs = require("fs");
const path = require("path");
const { env } = require("./env");
-const sonataflowPlatformFiles = fs
- .readdirSync(path.resolve(__dirname, "test/testdata"), {
- recursive: true,
- })
- .filter((fileName) => fileName.endsWith("02-sonataflow_platform.yaml"));
-sonataflowPlatformFiles.forEach((filePath) => {
- const fullFilePath = path.resolve(__dirname, path.join("test/testdata"), filePath);
- fs.writeFileSync(
- fullFilePath,
- fs
- .readFileSync(fullFilePath, "utf-8")
- .replace(
- /org\.kie:kie-addons-quarkus-persistence-jdbc:[^,\n]*/,
- `org.kie:kie-addons-quarkus-persistence-jdbc:${env.versions.kogito}`
- )
- .replace(
- /org\.kie\.kogito:kogito-addons-quarkus-jobs-knative-eventing:[^,\n]*/,
- `org.kie.kogito:kogito-addons-quarkus-jobs-knative-eventing:${env.versions.kogito}`
- )
- );
+function getAllYamlFiles(dir) {
+ let results = [];
+ const list = fs.readdirSync(dir);
+ list.forEach((file) => {
+ const fullPath = path.join(dir, file);
+ const stat = fs.statSync(fullPath);
+ // Skip node_modules directory
+ if (stat && stat.isDirectory() && file !== "node_modules") {
+ // Recurse into subdirectory
+ results = results.concat(getAllYamlFiles(fullPath));
+ } else if (file.endsWith(".yaml")) {
+ // Add .yaml file to results
+ results.push(fullPath);
+ }
+ });
+ return results;
+const baseDir = path.resolve(__dirname, ".");
+const yamlFiles = getAllYamlFiles(baseDir);
+yamlFiles.forEach((filePath) => {
+ const updatedContent = fs
+ .readFileSync(filePath, "utf-8")
+ .replace(
+ /org\.kie:kie-addons-quarkus-persistence-jdbc:\S*/,
+ `org.kie:kie-addons-quarkus-persistence-jdbc:${env.versions.kogito}`
+ )
+ .replace(
+ /org\.kie\.kogito:kogito-addons-quarkus-jobs-knative-eventing:\S*/,
+ `org.kie.kogito:kogito-addons-quarkus-jobs-knative-eventing:${env.versions.kogito}`
+ )
+ .replace(
+ /- groupId: io\.quarkus\s+artifactId: quarkus-jdbc-postgresql\s+version: \S+/g,
+ `- groupId: io.quarkus\n artifactId: quarkus-jdbc-postgresql\n version: ${env.versions.quarkus}`
+ )
+ .replace(
+ /- groupId: io\.quarkus\s+artifactId: quarkus-agroal\s+version: \S+/g,
+ `- groupId: io.quarkus\n artifactId: quarkus-agroal\n version: ${env.versions.quarkus}`
+ )
+ .replace(
+ /- groupId: org\.kie\s+artifactId: kie-addons-quarkus-persistence-jdbc\s+version: \S+/g,
+ `- groupId: org.kie\n artifactId: kie-addons-quarkus-persistence-jdbc\n version: ${env.versions.kogito}`
+ );
+ fs.writeFileSync(filePath, updatedContent);
+ console.log(`Updated: ${filePath}`);
diff --git a/packages/sonataflow-operator/controllers/builder/builder.go b/packages/sonataflow-operator/internal/controller/builder/builder.go
similarity index 98%
rename from packages/sonataflow-operator/controllers/builder/builder.go
rename to packages/sonataflow-operator/internal/controller/builder/builder.go
index 05ace240149..25bad566d4b 100644
--- a/packages/sonataflow-operator/controllers/builder/builder.go
+++ b/packages/sonataflow-operator/internal/controller/builder/builder.go
@@ -30,7 +30,7 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
diff --git a/packages/sonataflow-operator/controllers/builder/config.go b/packages/sonataflow-operator/internal/controller/builder/config.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/builder/config.go
rename to packages/sonataflow-operator/internal/controller/builder/config.go
index 374f6a2e8d7..c14852eacb6 100644
--- a/packages/sonataflow-operator/controllers/builder/config.go
+++ b/packages/sonataflow-operator/internal/controller/builder/config.go
@@ -24,7 +24,6 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -32,6 +31,8 @@ import (
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
diff --git a/packages/sonataflow-operator/controllers/builder/containerbuilder.go b/packages/sonataflow-operator/internal/controller/builder/containerbuilder.go
similarity index 89%
rename from packages/sonataflow-operator/controllers/builder/containerbuilder.go
rename to packages/sonataflow-operator/internal/controller/builder/containerbuilder.go
index 523360bc392..353ec8a29f1 100644
--- a/packages/sonataflow-operator/controllers/builder/containerbuilder.go
+++ b/packages/sonataflow-operator/internal/controller/builder/containerbuilder.go
@@ -22,17 +22,22 @@ package builder
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
+ corev1 "k8s.io/api/core/v1"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
clientr "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
@@ -52,6 +57,7 @@ type kanikoBuildInput struct {
task *api.KanikoTask
workflowDefinition []byte
workflow *operatorapi.SonataFlow
+ workflowProperties []operatorapi.ConfigMapWorkflowResource
dockerfile string
imageTag string
@@ -139,6 +145,7 @@ func (c *containerBuilderManager) scheduleNewKanikoBuildWithContainerFile(build
task: task,
workflowDefinition: workflowDef,
workflow: workflow,
+ workflowProperties: buildWorkflowPropertyResources(workflow),
dockerfile: platform.GetCustomizedBuilderDockerfile(c.builderConfigMap.Data[defaultBuilderResourceName], *c.platform),
imageTag: buildNamespacedImageTag(workflow),
@@ -200,6 +207,11 @@ func newBuild(buildInput kanikoBuildInput, platform api.PlatformContainerBuild,
newBuilder.AddConfigMapResource(res.ConfigMap, res.WorkflowPath)
+ //make the workflow properties available to the kaniko build.
+ for _, props := range buildInput.workflowProperties {
+ newBuilder.AddConfigMapResource(props.ConfigMap, props.WorkflowPath)
+ }
return newBuilder.Scheduler().
@@ -213,3 +225,10 @@ func newBuild(buildInput kanikoBuildInput, platform api.PlatformContainerBuild,
func buildNamespacedImageTag(workflow *operatorapi.SonataFlow) string {
return workflow.Namespace + "/" + workflowdef.GetWorkflowAppImageNameTag(workflow)
+func buildWorkflowPropertyResources(workflow *operatorapi.SonataFlow) []operatorapi.ConfigMapWorkflowResource {
+ return []operatorapi.ConfigMapWorkflowResource{
+ {ConfigMap: corev1.LocalObjectReference{Name: workflowproj.GetWorkflowUserPropertiesConfigMapName(workflow)}, WorkflowPath: ""},
+ {ConfigMap: corev1.LocalObjectReference{Name: workflowproj.GetWorkflowManagedPropertiesConfigMapName(workflow)}, WorkflowPath: ""},
+ }
diff --git a/packages/sonataflow-operator/controllers/builder/kogitoserverlessbuild_manager.go b/packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager.go
similarity index 60%
rename from packages/sonataflow-operator/controllers/builder/kogitoserverlessbuild_manager.go
rename to packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager.go
index 276fe18d67e..b0585c86242 100644
--- a/packages/sonataflow-operator/controllers/builder/kogitoserverlessbuild_manager.go
+++ b/packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager.go
@@ -21,16 +21,24 @@ package builder
import (
+ "strings"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ v1 "k8s.io/api/core/v1"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/persistence"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+const QuarkusExtensionsBuildArg = "QUARKUS_EXTENSIONS"
var _ SonataFlowBuildManager = &sonataFlowBuildManager{}
type sonataFlowBuildManager struct {
@@ -54,7 +62,11 @@ func (k *sonataFlowBuildManager) GetOrCreateBuild(workflow *operatorapi.SonataFl
if plat, err = platform.GetActivePlatform(k.ctx, k.client, workflow.Namespace); err != nil {
return nil, err
- buildInstance.Spec.BuildTemplate = plat.Spec.Build.Template
+ workflowBuildTemplate := plat.Spec.Build.Template.DeepCopy()
+ if persistence.UsesPostgreSQLPersistence(workflow, plat) {
+ addPersistenceExtensions(workflowBuildTemplate)
+ }
+ buildInstance.Spec.BuildTemplate = *workflowBuildTemplate
if err = controllerutil.SetControllerReference(workflow, buildInstance, k.client.Scheme()); err != nil {
return nil, err
@@ -86,3 +98,44 @@ func NewSonataFlowBuildManager(ctx context.Context, client client.Client) Sonata
ctx: ctx,
+// addPersistenceExtensions Adds the persistence related extensions to the current BuildTemplate if none of them is
+// already provided. If any of them is detected, its assumed that users might already have provided them in the
+// SonataFlowPlatform, so we just let the provided configuration.
+func addPersistenceExtensions(template *operatorapi.BuildTemplate) {
+ quarkusExtensions := getBuildArg(template.BuildArgs, QuarkusExtensionsBuildArg)
+ if quarkusExtensions == nil {
+ template.BuildArgs = append(template.BuildArgs, v1.EnvVar{Name: QuarkusExtensionsBuildArg})
+ quarkusExtensions = &template.BuildArgs[len(template.BuildArgs)-1]
+ }
+ if !hasAnyExtensionPresent(quarkusExtensions, persistence.GetPostgreSQLExtensions()) {
+ for _, extension := range persistence.GetPostgreSQLExtensions() {
+ if len(quarkusExtensions.Value) > 0 {
+ quarkusExtensions.Value = quarkusExtensions.Value + ","
+ }
+ quarkusExtensions.Value = quarkusExtensions.Value + extension.String()
+ }
+ }
+func getBuildArg(buildArgs []v1.EnvVar, name string) *v1.EnvVar {
+ for i := 0; i < len(buildArgs); i++ {
+ if buildArgs[i].Name == name {
+ return &buildArgs[i]
+ }
+ }
+ return nil
+func hasAnyExtensionPresent(buildArg *v1.EnvVar, extensions []cfg.GAV) bool {
+ for _, extension := range extensions {
+ if isExtensionPresent(buildArg, extension) {
+ return true
+ }
+ }
+ return false
+func isExtensionPresent(buildArg *v1.EnvVar, extension cfg.GAV) bool {
+ return strings.Contains(buildArg.Value, extension.GroupAndArtifact())
diff --git a/packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager_test.go b/packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager_test.go
new file mode 100644
index 00000000000..dd8444a0aef
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/builder/kogitoserverlessbuild_manager_test.go
@@ -0,0 +1,182 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package builder
+import (
+ "testing"
+ "github.com/stretchr/testify/assert"
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/persistence"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+func TestSonataFlowBuildManager_GetOrCreateBuildWithWorkflowPersistence(t *testing.T) {
+ // Current platform with no persistence
+ currentPlatform := operatorapi.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{Name: "current-platform"},
+ Spec: operatorapi.SonataFlowPlatformSpec{},
+ Status: operatorapi.SonataFlowPlatformStatus{},
+ }
+ // Persistence is configured in the workflow
+ workflow := operatorapi.SonataFlow{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-workflow",
+ },
+ Spec: operatorapi.SonataFlowSpec{
+ Persistence: &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{},
+ },
+ },
+ Status: operatorapi.SonataFlowStatus{},
+ }
+ testGetOrCreateBuildWithPersistence(t, ¤tPlatform, &workflow)
+func TestSonataFlowBuildManager_GetOrCreateBuildWithPlatformPersistence(t *testing.T) {
+ // Persistence is configured in the platform
+ currentPlatform := operatorapi.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{Name: "current-platform"},
+ Spec: operatorapi.SonataFlowPlatformSpec{
+ Persistence: &operatorapi.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PlatformPersistencePostgreSQL{},
+ },
+ },
+ Status: operatorapi.SonataFlowPlatformStatus{},
+ }
+ // Workflow with no persistence
+ workflow := operatorapi.SonataFlow{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-workflow",
+ },
+ Status: operatorapi.SonataFlowStatus{},
+ }
+ testGetOrCreateBuildWithPersistence(t, ¤tPlatform, &workflow)
+func TestSonataFlowBuildManager_GetOrCreateBuildWithNoPersistence(t *testing.T) {
+ // Platform has no persistence
+ currentPlatform := operatorapi.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{Name: "current-platform"},
+ Spec: operatorapi.SonataFlowPlatformSpec{},
+ Status: operatorapi.SonataFlowPlatformStatus{},
+ }
+ // Workflow has no persistence
+ workflow := operatorapi.SonataFlow{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-workflow",
+ },
+ Status: operatorapi.SonataFlowStatus{},
+ }
+ buildManager := prepareGetOrCreateBuildTest(t, ¤tPlatform)
+ build, _ := buildManager.GetOrCreateBuild(&workflow)
+ assert.Equal(t, 0, len(build.Spec.BuildArgs))
+ test.RestoreControllersConfig(t)
+func testGetOrCreateBuildWithPersistence(t *testing.T, currentPlatform *operatorapi.SonataFlowPlatform, workflow *operatorapi.SonataFlow) {
+ buildManager := prepareGetOrCreateBuildTest(t, currentPlatform)
+ build, _ := buildManager.GetOrCreateBuild(workflow)
+ assert.NotNil(t, build)
+ assert.Equal(t, 1, len(build.Spec.BuildArgs))
+ assertContainsPersistence(t, build.Spec.BuildArgs, 0)
+ test.RestoreControllersConfig(t)
+func prepareGetOrCreateBuildTest(t *testing.T, currentPlatform *operatorapi.SonataFlowPlatform) sonataFlowBuildManager {
+ initializeControllersConfig(t)
+ platforms := operatorapi.NewSonataFlowPlatformList()
+ platforms.Items = []operatorapi.SonataFlowPlatform{*currentPlatform}
+ cli := test.NewSonataFlowClientBuilder().WithRuntimeObjects(&platforms).Build()
+ buildManager := sonataFlowBuildManager{
+ client: cli,
+ }
+ return buildManager
+func Test_addPersistenceExtensionsWithEmptyArgs(t *testing.T) {
+ initializeControllersConfig(t)
+ buildTemplate := &operatorapi.BuildTemplate{}
+ addPersistenceExtensions(buildTemplate)
+ assert.Equal(t, 1, len(buildTemplate.BuildArgs))
+ assertContainsPersistence(t, buildTemplate.BuildArgs, 0)
+ test.RestoreControllersConfig(t)
+func Test_addPersistenceExtensionsWithNoQuarkusExtensionsArg(t *testing.T) {
+ initializeControllersConfig(t)
+ buildTemplate := &operatorapi.BuildTemplate{
+ BuildArgs: []v1.EnvVar{
+ {Name: "VAR1"},
+ },
+ }
+ addPersistenceExtensions(buildTemplate)
+ assert.Equal(t, 2, len(buildTemplate.BuildArgs))
+ assertContainsPersistence(t, buildTemplate.BuildArgs, 1)
+ test.RestoreControllersConfig(t)
+func Test_addPersistenceExtensionsWithQuarkusExtensionsArgAndNoPersistenceExtensions(t *testing.T) {
+ initializeControllersConfig(t)
+ buildTemplate := &operatorapi.BuildTemplate{
+ BuildArgs: []v1.EnvVar{
+ {Name: "VAR1"},
+ {Name: "QUARKUS_EXTENSIONS", Value: "org.acme:org.acme.library:1.0.0"},
+ },
+ }
+ addPersistenceExtensions(buildTemplate)
+ assert.Equal(t, 2, len(buildTemplate.BuildArgs))
+ assertContainsPersistence(t, buildTemplate.BuildArgs, 1)
+ test.RestoreControllersConfig(t)
+func Test_addPersistenceExtensionsWithQuarkusExtensionsArgAndPersistenceExtensions(t *testing.T) {
+ initializeControllersConfig(t)
+ buildTemplate := &operatorapi.BuildTemplate{
+ BuildArgs: []v1.EnvVar{
+ {Name: "VAR1", Value: "VALUE1"},
+ {Name: "QUARKUS_EXTENSIONS", Value: "org.acme:org.acme.library:1.0.0,io.quarkus:quarkus-jdbc-postgresql:8.8.0.Final"},
+ },
+ }
+ addPersistenceExtensions(buildTemplate)
+ assert.Equal(t, 2, len(buildTemplate.BuildArgs))
+ assert.Equal(t, v1.EnvVar{Name: "VAR1", Value: "VALUE1"}, buildTemplate.BuildArgs[0])
+ assert.Equal(t, v1.EnvVar{Name: "QUARKUS_EXTENSIONS", Value: "org.acme:org.acme.library:1.0.0,io.quarkus:quarkus-jdbc-postgresql:8.8.0.Final"}, buildTemplate.BuildArgs[1])
+ test.RestoreControllersConfig(t)
+func initializeControllersConfig(t *testing.T) {
+ // emulate the controllers config initialization
+ cfg, err := cfg.InitializeControllersCfgAt("../cfg/testdata/controllers-cfg-test.yaml")
+ assert.NoError(t, err)
+ assert.NotNil(t, cfg)
+ assert.Equal(t, 3, len(cfg.PostgreSQLPersistenceExtensions))
+func assertContainsPersistence(t *testing.T, buildArgs []v1.EnvVar, position int) {
+ assert.GreaterOrEqual(t, len(buildArgs), position)
+ envVar := buildArgs[position]
+ assert.Equal(t, QuarkusExtensionsBuildArg, envVar.Name)
+ for _, extension := range persistence.GetPostgreSQLExtensions() {
+ assert.Contains(t, envVar.Value, extension.String())
+ }
diff --git a/packages/sonataflow-operator/controllers/builder/openshiftbuilder.go b/packages/sonataflow-operator/internal/controller/builder/openshiftbuilder.go
similarity index 94%
rename from packages/sonataflow-operator/controllers/builder/openshiftbuilder.go
rename to packages/sonataflow-operator/internal/controller/builder/openshiftbuilder.go
index 80d2852040a..f4f0b7ba255 100644
--- a/packages/sonataflow-operator/controllers/builder/openshiftbuilder.go
+++ b/packages/sonataflow-operator/internal/controller/builder/openshiftbuilder.go
@@ -23,7 +23,7 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/openshift"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/openshift"
buildv1 "github.com/openshift/api/build/v1"
imgv1 "github.com/openshift/api/image/v1"
@@ -36,12 +36,12 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
@@ -186,9 +186,6 @@ func (o *openshiftBuilderManager) newDefaultBuildConfig(build *operatorapi.Sonat
func (o *openshiftBuilderManager) addExternalResources(config *buildv1.BuildConfig, workflow *operatorapi.SonataFlow) error {
- if len(workflow.Spec.Resources.ConfigMaps) == 0 {
- return nil
- }
var configMapSources []buildv1.ConfigMapBuildSource
for _, workflowRes := range workflow.Spec.Resources.ConfigMaps {
configMapSources = append(configMapSources, buildv1.ConfigMapBuildSource{
@@ -196,6 +193,14 @@ func (o *openshiftBuilderManager) addExternalResources(config *buildv1.BuildConf
DestinationDir: workflowRes.WorkflowPath,
+ //make the workflow properties available to the OpenShift build config.
+ configMapSources = append(configMapSources, buildv1.ConfigMapBuildSource{
+ ConfigMap: corev1.LocalObjectReference{Name: workflowproj.GetWorkflowUserPropertiesConfigMapName(workflow)},
+ DestinationDir: ""})
+ configMapSources = append(configMapSources, buildv1.ConfigMapBuildSource{
+ ConfigMap: corev1.LocalObjectReference{Name: workflowproj.GetWorkflowManagedPropertiesConfigMapName(workflow)},
+ DestinationDir: ""})
config.Spec.Source.ConfigMaps = configMapSources
return nil
diff --git a/packages/sonataflow-operator/controllers/builder/openshiftbuilder_test.go b/packages/sonataflow-operator/internal/controller/builder/openshiftbuilder_test.go
similarity index 88%
rename from packages/sonataflow-operator/controllers/builder/openshiftbuilder_test.go
rename to packages/sonataflow-operator/internal/controller/builder/openshiftbuilder_test.go
index 17f6774cbf3..ad61748df42 100644
--- a/packages/sonataflow-operator/controllers/builder/openshiftbuilder_test.go
+++ b/packages/sonataflow-operator/internal/controller/builder/openshiftbuilder_test.go
@@ -23,7 +23,6 @@ import (
- platformUtils "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
buildv1 "github.com/openshift/api/build/v1"
imgv1 "github.com/openshift/api/image/v1"
buildfake "github.com/openshift/client-go/build/clientset/versioned/fake"
@@ -33,7 +32,7 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
@@ -104,7 +103,7 @@ func Test_openshiftbuilder_externalCMs(t *testing.T) {
workflow.Spec.Resources.ConfigMaps = append(workflow.Spec.Resources.ConfigMaps,
- operatorapi.ConfigMapWorkflowResource{ConfigMap: v1.LocalObjectReference{Name: externalCm.Name}})
+ operatorapi.ConfigMapWorkflowResource{ConfigMap: v1.LocalObjectReference{Name: externalCm.Name}, WorkflowPath: "specs"})
namespacedName := types.NamespacedName{Namespace: workflow.Namespace, Name: workflow.Name}
client := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(workflow, platform, config, externalCm).Build()
@@ -130,26 +129,31 @@ func Test_openshiftbuilder_externalCMs(t *testing.T) {
bc := &buildv1.BuildConfig{}
assert.NoError(t, client.Get(context.TODO(), namespacedName, bc))
- assert.Len(t, bc.Spec.Source.ConfigMaps, 1)
+ assert.Len(t, bc.Spec.Source.ConfigMaps, 3)
+ assert.Equal(t, "myopenapis", bc.Spec.Source.ConfigMaps[0].ConfigMap.Name)
+ assert.Equal(t, "specs", bc.Spec.Source.ConfigMaps[0].DestinationDir)
+ assert.Equal(t, "greeting-props", bc.Spec.Source.ConfigMaps[1].ConfigMap.Name)
+ assert.Equal(t, "", bc.Spec.Source.ConfigMaps[1].DestinationDir)
+ assert.Equal(t, "greeting-managed-props", bc.Spec.Source.ConfigMaps[2].ConfigMap.Name)
+ assert.Equal(t, "", bc.Spec.Source.ConfigMaps[2].DestinationDir)
func Test_openshiftbuilder_forcePull(t *testing.T) {
// Setup
ns := t.Name()
workflow := test.GetBaseSonataFlow(ns)
- platform := test.GetBasePlatformInReadyPhase(t.Name())
+ pl := test.GetBasePlatformInReadyPhase(t.Name())
config := test.GetSonataFlowBuilderConfig(ns)
- dockerFile := config.Data[defaultBuilderResourceName]
- config.Data[defaultBuilderResourceName] = platformUtils.ReplaceFromImageTagDockerfile(dockerFile, "FROM image:latest AS builder")
+ pl.Spec.Build.Config.BaseImage = "image:latest"
namespacedName := types.NamespacedName{Namespace: workflow.Namespace, Name: workflow.Name}
- client := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(workflow, platform, config).Build()
+ client := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(workflow, pl, config).Build()
buildClient := buildfake.NewSimpleClientset().BuildV1()
managerContext := buildManagerContext{
ctx: context.TODO(),
client: client,
- platform: platform,
+ platform: pl,
builderConfigMap: config,
diff --git a/packages/sonataflow-operator/controllers/cfg/controllers_cfg.go b/packages/sonataflow-operator/internal/controller/cfg/controllers_cfg.go
similarity index 66%
rename from packages/sonataflow-operator/controllers/cfg/controllers_cfg.go
rename to packages/sonataflow-operator/internal/controller/cfg/controllers_cfg.go
index a1b620230e0..4b6a4fecdec 100644
--- a/packages/sonataflow-operator/controllers/cfg/controllers_cfg.go
+++ b/packages/sonataflow-operator/internal/controller/cfg/controllers_cfg.go
@@ -21,12 +21,14 @@ package cfg
import (
+ "fmt"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
const (
@@ -43,18 +45,36 @@ var defaultControllersCfg = &ControllersCfg{
BuilderConfigMapName: "sonataflow-operator-builder-config",
+type GAV struct {
+ GroupId string `yaml:"groupId,omitempty"`
+ ArtifactId string `yaml:"artifactId,omitempty"`
+ Version string `yaml:"version,omitempty"`
+func (g *GAV) GroupAndArtifact() string {
+ return fmt.Sprintf("%s:%s", g.GroupId, g.ArtifactId)
+func (g *GAV) String() string {
+ return fmt.Sprintf("%s:%s:%s", g.GroupId, g.ArtifactId, g.Version)
type ControllersCfg struct {
- DefaultPvcKanikoSize string `yaml:"defaultPvcKanikoSize,omitempty"`
- HealthFailureThresholdDevMode int32 `yaml:"healthFailureThresholdDevMode,omitempty"`
- KanikoDefaultWarmerImageTag string `yaml:"kanikoDefaultWarmerImageTag,omitempty"`
- KanikoExecutorImageTag string `yaml:"kanikoExecutorImageTag,omitempty"`
- JobsServicePostgreSQLImageTag string `yaml:"jobsServicePostgreSQLImageTag,omitempty"`
- JobsServiceEphemeralImageTag string `yaml:"jobsServiceEphemeralImageTag,omitempty"`
- DataIndexPostgreSQLImageTag string `yaml:"dataIndexPostgreSQLImageTag,omitempty"`
- DataIndexEphemeralImageTag string `yaml:"dataIndexEphemeralImageTag,omitempty"`
- SonataFlowBaseBuilderImageTag string `yaml:"sonataFlowBaseBuilderImageTag,omitempty"`
- SonataFlowDevModeImageTag string `yaml:"sonataFlowDevModeImageTag,omitempty"`
- BuilderConfigMapName string `yaml:"builderConfigMapName,omitempty"`
+ DefaultPvcKanikoSize string `yaml:"defaultPvcKanikoSize,omitempty"`
+ HealthFailureThresholdDevMode int32 `yaml:"healthFailureThresholdDevMode,omitempty"`
+ KanikoDefaultWarmerImageTag string `yaml:"kanikoDefaultWarmerImageTag,omitempty"`
+ KanikoExecutorImageTag string `yaml:"kanikoExecutorImageTag,omitempty"`
+ JobsServicePostgreSQLImageTag string `yaml:"jobsServicePostgreSQLImageTag,omitempty"`
+ JobsServiceEphemeralImageTag string `yaml:"jobsServiceEphemeralImageTag,omitempty"`
+ DataIndexPostgreSQLImageTag string `yaml:"dataIndexPostgreSQLImageTag,omitempty"`
+ DataIndexEphemeralImageTag string `yaml:"dataIndexEphemeralImageTag,omitempty"`
+ SonataFlowBaseBuilderImageTag string `yaml:"sonataFlowBaseBuilderImageTag,omitempty"`
+ SonataFlowDevModeImageTag string `yaml:"sonataFlowDevModeImageTag,omitempty"`
+ BuilderConfigMapName string `yaml:"builderConfigMapName,omitempty"`
+ PostgreSQLPersistenceExtensions []GAV `yaml:"postgreSQLPersistenceExtensions,omitempty"`
+ KogitoEventsGrouping bool `yaml:"kogitoEventsGrouping,omitempty"`
+ KogitoEventsGroupingBinary bool `yaml:"KogitoEventsGroupingBinary,omitempty"`
+ KogitoEventsGroupingCompress bool `yaml:"KogitoEventsGroupingCompress,omitempty"`
// InitializeControllersCfg initializes the platform configuration for this instance.
@@ -90,7 +110,7 @@ func InitializeControllersCfgAt(configFilePath string) (*ControllersCfg, error)
func GetCfg() *ControllersCfg {
// Guard to use defaults in local tests
- // In runtime, main.go calls InitializeControllersCfg to set the cache.
+ // In runtime, cmd/main.go calls InitializeControllersCfg to set the cache.
if controllersCfg == nil {
return defaultControllersCfg
diff --git a/packages/sonataflow-operator/controllers/cfg/controllers_cfg_test.go b/packages/sonataflow-operator/internal/controller/cfg/controllers_cfg_test.go
similarity index 74%
rename from packages/sonataflow-operator/controllers/cfg/controllers_cfg_test.go
rename to packages/sonataflow-operator/internal/controller/cfg/controllers_cfg_test.go
index c763a36f8e2..35fa426b1b9 100644
--- a/packages/sonataflow-operator/controllers/cfg/controllers_cfg_test.go
+++ b/packages/sonataflow-operator/internal/controller/cfg/controllers_cfg_test.go
@@ -35,6 +35,28 @@ func TestInitializeControllersCfgAt_ValidFile(t *testing.T) {
assert.Equal(t, "local/data-index:1.0.0", cfg.DataIndexPostgreSQLImageTag)
assert.Equal(t, "local/sonataflow-builder:1.0.0", cfg.SonataFlowBaseBuilderImageTag)
assert.Equal(t, "local/sonataflow-devmode:1.0.0", cfg.SonataFlowDevModeImageTag)
+ assert.Equal(t, 3, len(cfg.PostgreSQLPersistenceExtensions))
+ postgresExtensions := cfg.PostgreSQLPersistenceExtensions
+ assert.Equal(t, GAV{
+ GroupId: "io.quarkus",
+ ArtifactId: "quarkus-jdbc-postgresql",
+ Version: "3.8.6",
+ }, postgresExtensions[0])
+ assert.Equal(t, GAV{
+ GroupId: "io.quarkus",
+ ArtifactId: "quarkus-agroal",
+ Version: "3.8.6",
+ }, postgresExtensions[1])
+ assert.Equal(t, GAV{
+ GroupId: "org.kie",
+ ArtifactId: "kie-addons-quarkus-persistence-jdbc",
+ Version: "999-20241016-SNAPSHOT",
+ }, postgresExtensions[2])
+ assert.True(t, cfg.KogitoEventsGrouping)
+ assert.True(t, cfg.KogitoEventsGroupingBinary)
+ assert.False(t, cfg.KogitoEventsGroupingCompress)
func TestInitializeControllersCfgAt_FileNotFound(t *testing.T) {
diff --git a/packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-invalid.yaml b/packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-invalid.yaml
similarity index 99%
rename from packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-invalid.yaml
rename to packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-invalid.yaml
index b7285de887e..054545159a0 100644
--- a/packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-invalid.yaml
+++ b/packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-invalid.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,6 +14,5 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
anyThingNotValid: "true"
diff --git a/packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-test.yaml b/packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-test.yaml
similarity index 76%
rename from packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-test.yaml
rename to packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-test.yaml
index b3f437c0264..d4425e6b188 100644
--- a/packages/sonataflow-operator/controllers/cfg/testdata/controllers-cfg-test.yaml
+++ b/packages/sonataflow-operator/internal/controller/cfg/testdata/controllers-cfg-test.yaml
@@ -1,4 +1,3 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,7 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# The default size of Kaniko PVC when using the internal operator builder manager
defaultPvcKanikoSize: 2Gi
@@ -26,3 +24,16 @@ jobsServicePostgreSQLImageTag: "local/jobs-service:1.0.0"
dataIndexPostgreSQLImageTag: "local/data-index:1.0.0"
sonataFlowBaseBuilderImageTag: "local/sonataflow-builder:1.0.0"
sonataFlowDevModeImageTag: "local/sonataflow-devmode:1.0.0"
+ - groupId: io.quarkus
+ artifactId: quarkus-jdbc-postgresql
+ version: 3.8.6
+ - groupId: io.quarkus
+ artifactId: quarkus-agroal
+ version: 3.8.6
+ - groupId: org.kie
+ artifactId: kie-addons-quarkus-persistence-jdbc
+ version: 999-20241016-SNAPSHOT
+kogitoEventsGrouping: true
+kogitoEventsGroupingBinary: true
+kogitoEventsGroupingCompress: false
diff --git a/packages/sonataflow-operator/controllers/clusterplatform/action.go b/packages/sonataflow-operator/internal/controller/clusterplatform/action.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/clusterplatform/action.go
rename to packages/sonataflow-operator/internal/controller/clusterplatform/action.go
diff --git a/packages/sonataflow-operator/controllers/clusterplatform/clusterplatform.go b/packages/sonataflow-operator/internal/controller/clusterplatform/clusterplatform.go
similarity index 80%
rename from packages/sonataflow-operator/controllers/clusterplatform/clusterplatform.go
rename to packages/sonataflow-operator/internal/controller/clusterplatform/clusterplatform.go
index fd8110a6e03..0f94ab66a20 100644
--- a/packages/sonataflow-operator/controllers/clusterplatform/clusterplatform.go
+++ b/packages/sonataflow-operator/internal/controller/clusterplatform/clusterplatform.go
@@ -22,12 +22,13 @@ package clusterplatform
import (
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/klog/v2"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- k8serrors "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/klog/v2"
- ctrl "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
const (
@@ -35,15 +36,15 @@ const (
// GetActiveClusterPlatform returns the currently installed active cluster platform.
-func GetActiveClusterPlatform(ctx context.Context, c ctrl.Client) (*operatorapi.SonataFlowClusterPlatform, error) {
- return getClusterPlatform(ctx, c, true)
+func GetActiveClusterPlatform(ctx context.Context) (*operatorapi.SonataFlowClusterPlatform, error) {
+ return getClusterPlatform(ctx, true)
// getClusterPlatform returns the currently active cluster platform or any cluster platform existing in the cluster.
-func getClusterPlatform(ctx context.Context, c ctrl.Client, active bool) (*operatorapi.SonataFlowClusterPlatform, error) {
+func getClusterPlatform(ctx context.Context, active bool) (*operatorapi.SonataFlowClusterPlatform, error) {
klog.V(log.D).InfoS("Finding available cluster platforms")
- lst, err := listPrimaryClusterPlatforms(ctx, c)
+ lst, err := listPrimaryClusterPlatforms(ctx)
if err != nil {
return nil, err
@@ -66,8 +67,8 @@ func getClusterPlatform(ctx context.Context, c ctrl.Client, active bool) (*opera
// listPrimaryClusterPlatforms returns all non-secondary cluster platforms installed (only one will be active).
-func listPrimaryClusterPlatforms(ctx context.Context, c ctrl.Reader) (*operatorapi.SonataFlowClusterPlatformList, error) {
- lst, err := listAllClusterPlatforms(ctx, c)
+func listPrimaryClusterPlatforms(ctx context.Context) (*operatorapi.SonataFlowClusterPlatformList, error) {
+ lst, err := listAllClusterPlatforms(ctx)
if err != nil {
return nil, err
@@ -83,8 +84,8 @@ func listPrimaryClusterPlatforms(ctx context.Context, c ctrl.Reader) (*operatora
// allDuplicatedClusterPlatforms returns true if every cluster platform has a "Duplicated" status set
-func allDuplicatedClusterPlatforms(ctx context.Context, c ctrl.Reader) bool {
- lst, err := listAllClusterPlatforms(ctx, c)
+func allDuplicatedClusterPlatforms(ctx context.Context) bool {
+ lst, err := listAllClusterPlatforms(ctx)
if err != nil {
return false
@@ -99,9 +100,9 @@ func allDuplicatedClusterPlatforms(ctx context.Context, c ctrl.Reader) bool {
// listAllClusterPlatforms returns all clusterplatforms installed.
-func listAllClusterPlatforms(ctx context.Context, c ctrl.Reader) (*operatorapi.SonataFlowClusterPlatformList, error) {
+func listAllClusterPlatforms(ctx context.Context) (*operatorapi.SonataFlowClusterPlatformList, error) {
lst := operatorapi.NewSonataFlowClusterPlatformList()
- if err := c.List(ctx, &lst); err != nil {
+ if err := utils.GetClient().List(ctx, &lst); err != nil {
return nil, err
return &lst, nil
diff --git a/packages/sonataflow-operator/controllers/clusterplatform/defaults.go b/packages/sonataflow-operator/internal/controller/clusterplatform/defaults.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/clusterplatform/defaults.go
rename to packages/sonataflow-operator/internal/controller/clusterplatform/defaults.go
index 3e8c38a9f1b..52cab983775 100644
--- a/packages/sonataflow-operator/controllers/clusterplatform/defaults.go
+++ b/packages/sonataflow-operator/internal/controller/clusterplatform/defaults.go
@@ -22,11 +22,12 @@ package clusterplatform
import (
+ "k8s.io/klog/v2"
+ ctrl "sigs.k8s.io/controller-runtime/pkg/client"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "k8s.io/klog/v2"
- ctrl "sigs.k8s.io/controller-runtime/pkg/client"
func configureDefaults(ctx context.Context, c client.Client, cp *operatorapi.SonataFlowClusterPlatform, verbose bool) error {
diff --git a/packages/sonataflow-operator/controllers/clusterplatform/initialize.go b/packages/sonataflow-operator/internal/controller/clusterplatform/initialize.go
similarity index 97%
rename from packages/sonataflow-operator/controllers/clusterplatform/initialize.go
rename to packages/sonataflow-operator/internal/controller/clusterplatform/initialize.go
index eed500d6e0e..d07db601702 100644
--- a/packages/sonataflow-operator/controllers/clusterplatform/initialize.go
+++ b/packages/sonataflow-operator/internal/controller/clusterplatform/initialize.go
@@ -23,13 +23,14 @@ import (
+ k8serrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/klog/v2"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- k8serrors "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/klog/v2"
// NewInitializeAction returns an action that initializes the platform configuration when not provided by the user.
@@ -46,7 +47,7 @@ func (action *initializeAction) Name() string {
func (action *initializeAction) CanHandle(ctx context.Context, cPlatform *operatorapi.SonataFlowClusterPlatform) bool {
- return !cPlatform.Status.IsDuplicated() || allDuplicatedClusterPlatforms(ctx, action.client)
+ return !cPlatform.Status.IsDuplicated() || allDuplicatedClusterPlatforms(ctx)
func (action *initializeAction) Handle(ctx context.Context, cPlatform *operatorapi.SonataFlowClusterPlatform) error {
@@ -107,7 +108,7 @@ func (action *initializeAction) isPrimaryDuplicate(ctx context.Context, cPlatfor
// Always reconcile secondary cluster platforms
return false, nil
- platforms, err := listPrimaryClusterPlatforms(ctx, action.client)
+ platforms, err := listPrimaryClusterPlatforms(ctx)
if err != nil {
return false, err
diff --git a/packages/sonataflow-operator/controllers/const.go b/packages/sonataflow-operator/internal/controller/const.go
similarity index 97%
rename from packages/sonataflow-operator/controllers/const.go
rename to packages/sonataflow-operator/internal/controller/const.go
index 55dafef1b79..48fe766c7e0 100644
--- a/packages/sonataflow-operator/controllers/const.go
+++ b/packages/sonataflow-operator/internal/controller/const.go
@@ -17,7 +17,7 @@
* under the License.
-package controllers
+package controller
const (
// ComponentName just a name to identify this package/component/application
diff --git a/packages/sonataflow-operator/controllers/discovery/discovery.go b/packages/sonataflow-operator/internal/controller/discovery/discovery.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/discovery.go
rename to packages/sonataflow-operator/internal/controller/discovery/discovery.go
diff --git a/packages/sonataflow-operator/controllers/discovery/discovery_knative_test.go b/packages/sonataflow-operator/internal/controller/discovery/discovery_knative_test.go
similarity index 94%
rename from packages/sonataflow-operator/controllers/discovery/discovery_knative_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/discovery_knative_test.go
index 6fc281f3e5b..b71c78a62c5 100644
--- a/packages/sonataflow-operator/controllers/discovery/discovery_knative_test.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/discovery_knative_test.go
@@ -105,11 +105,13 @@ func doTestQueryKnativeBroker(t *testing.T, expectedUri string) {
Spec: eventingv1.BrokerSpec{},
Status: eventingv1.BrokerStatus{
- Address: duckv1.Addressable{
- URL: &apis.URL{
- Scheme: "http",
- Host: "broker-ingress.knative-eventing.svc.cluster.local",
- Path: "/" + namespace1 + "/" + knBrokerName1,
+ AddressStatus: duckv1.AddressStatus{
+ Address: &duckv1.Addressable{
+ URL: &apis.URL{
+ Scheme: "http",
+ Host: "broker-ingress.knative-eventing.svc.cluster.local",
+ Path: "/" + namespace1 + "/" + knBrokerName1,
+ },
diff --git a/packages/sonataflow-operator/controllers/discovery/discovery_openshift_test.go b/packages/sonataflow-operator/internal/controller/discovery/discovery_openshift_test.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/discovery/discovery_openshift_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/discovery_openshift_test.go
index ac54da721f1..91fbf6ccb40 100644
--- a/packages/sonataflow-operator/controllers/discovery/discovery_openshift_test.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/discovery_openshift_test.go
@@ -33,11 +33,11 @@ import (
func Test_QueryOpenShiftRoute(t *testing.T) {
- doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1:80")
+ doTestQueryOpenShiftRoute(t, false, "http://openshiftroutehost1")
func Test_QueryOpenShiftRouteWithTLS(t *testing.T) {
- doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1:443")
+ doTestQueryOpenShiftRoute(t, true, "https://openshiftroutehost1")
func doTestQueryOpenShiftRoute(t *testing.T, tls bool, expectedUri string) {
diff --git a/packages/sonataflow-operator/controllers/discovery/discovery_test.go b/packages/sonataflow-operator/internal/controller/discovery/discovery_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/discovery_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/discovery_test.go
diff --git a/packages/sonataflow-operator/controllers/discovery/knative_catalog.go b/packages/sonataflow-operator/internal/controller/discovery/knative_catalog.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/discovery/knative_catalog.go
rename to packages/sonataflow-operator/internal/controller/discovery/knative_catalog.go
index 3f3901e3b14..4f94ad0fd9a 100644
--- a/packages/sonataflow-operator/controllers/discovery/knative_catalog.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/knative_catalog.go
@@ -23,11 +23,12 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/knative"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clienteventingv1 "knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1"
diff --git a/packages/sonataflow-operator/controllers/discovery/kubernetes_catalog.go b/packages/sonataflow-operator/internal/controller/discovery/kubernetes_catalog.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/kubernetes_catalog.go
rename to packages/sonataflow-operator/internal/controller/discovery/kubernetes_catalog.go
diff --git a/packages/sonataflow-operator/controllers/discovery/kubernetes_constants.go b/packages/sonataflow-operator/internal/controller/discovery/kubernetes_constants.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/kubernetes_constants.go
rename to packages/sonataflow-operator/internal/controller/discovery/kubernetes_constants.go
diff --git a/packages/sonataflow-operator/controllers/discovery/openshift_catalog.go b/packages/sonataflow-operator/internal/controller/discovery/openshift_catalog.go
similarity index 96%
rename from packages/sonataflow-operator/controllers/discovery/openshift_catalog.go
rename to packages/sonataflow-operator/internal/controller/discovery/openshift_catalog.go
index c18d7fca9f1..c376939681a 100644
--- a/packages/sonataflow-operator/controllers/discovery/openshift_catalog.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/openshift_catalog.go
@@ -25,12 +25,13 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/openshift"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
appsv1 "github.com/openshift/client-go/apps/clientset/versioned/typed/apps/v1"
routev1 "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/openshift"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -107,12 +108,11 @@ func (c openShiftServiceCatalog) resolveOpenShiftRouteQuery(ctx context.Context,
return "", err
} else {
scheme := httpProtocol
- port := defaultHttpPort
if route.Spec.TLS != nil {
scheme = httpsProtocol
- port = defaultHttpsPort
- return buildURI(scheme, route.Spec.Host, port), nil
+ // the OpenShift routes are only opened at the http/https standard ports.
+ return fmt.Sprintf("%s://%s", scheme, route.Spec.Host), nil
diff --git a/packages/sonataflow-operator/controllers/discovery/port_utils.go b/packages/sonataflow-operator/internal/controller/discovery/port_utils.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/discovery/port_utils.go
rename to packages/sonataflow-operator/internal/controller/discovery/port_utils.go
index 2c36e03639e..74be7bf4b02 100644
--- a/packages/sonataflow-operator/controllers/discovery/port_utils.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/port_utils.go
@@ -20,8 +20,9 @@
package discovery
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
corev1 "k8s.io/api/core/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
func isSecurePort(port int) bool {
diff --git a/packages/sonataflow-operator/controllers/discovery/port_utils_test.go b/packages/sonataflow-operator/internal/controller/discovery/port_utils_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/port_utils_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/port_utils_test.go
diff --git a/packages/sonataflow-operator/controllers/discovery/queries.go b/packages/sonataflow-operator/internal/controller/discovery/queries.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/queries.go
rename to packages/sonataflow-operator/internal/controller/discovery/queries.go
diff --git a/packages/sonataflow-operator/controllers/discovery/queries_test.go b/packages/sonataflow-operator/internal/controller/discovery/queries_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/queries_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/queries_test.go
diff --git a/packages/sonataflow-operator/controllers/discovery/test_utils.go b/packages/sonataflow-operator/internal/controller/discovery/test_utils.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/test_utils.go
rename to packages/sonataflow-operator/internal/controller/discovery/test_utils.go
diff --git a/packages/sonataflow-operator/controllers/discovery/uri_parser.go b/packages/sonataflow-operator/internal/controller/discovery/uri_parser.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/uri_parser.go
rename to packages/sonataflow-operator/internal/controller/discovery/uri_parser.go
diff --git a/packages/sonataflow-operator/controllers/discovery/uri_parser_test.go b/packages/sonataflow-operator/internal/controller/discovery/uri_parser_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/uri_parser_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/uri_parser_test.go
diff --git a/packages/sonataflow-operator/controllers/discovery/uri_utils.go b/packages/sonataflow-operator/internal/controller/discovery/uri_utils.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/discovery/uri_utils.go
rename to packages/sonataflow-operator/internal/controller/discovery/uri_utils.go
index 6c750842ea2..62148bb6f05 100644
--- a/packages/sonataflow-operator/controllers/discovery/uri_utils.go
+++ b/packages/sonataflow-operator/internal/controller/discovery/uri_utils.go
@@ -23,8 +23,9 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
corev1 "k8s.io/api/core/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
func resolveServiceUri(service *corev1.Service, customPort string, outputFormat string) (string, error) {
diff --git a/packages/sonataflow-operator/controllers/discovery/uri_utils_test.go b/packages/sonataflow-operator/internal/controller/discovery/uri_utils_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/discovery/uri_utils_test.go
rename to packages/sonataflow-operator/internal/controller/discovery/uri_utils_test.go
diff --git a/packages/sonataflow-operator/internal/controller/knative/knative.go b/packages/sonataflow-operator/internal/controller/knative/knative.go
new file mode 100644
index 00000000000..d215a66398f
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/knative/knative.go
@@ -0,0 +1,274 @@
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package knative
+import (
+ "context"
+ "fmt"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/rest"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ clienteventingv1 "knative.dev/eventing/pkg/client/clientset/versioned/typed/eventing/v1"
+ "knative.dev/pkg/apis"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
+ clientservingv1 "knative.dev/serving/pkg/client/clientset/versioned/typed/serving/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/reconcile"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
+var servingClient clientservingv1.ServingV1Interface
+var eventingClient clienteventingv1.EventingV1Interface
+type Availability struct {
+ Eventing bool
+ Serving bool
+const (
+ kSink = "K_SINK"
+ knativeBundleVolume = "kne-bundle-volume"
+ kCeOverRides = "K_CE_OVERRIDES"
+ knativeServingGroup = "serving.knative.dev"
+ knativeEventingGroup = "eventing.knative.dev"
+ knativeEventingAPIVersion = "eventing.knative.dev/v1"
+ knativeBrokerKind = "Broker"
+ knativeSinkProvided = "SinkProvided"
+func GetKnativeServingClient(cfg *rest.Config) (clientservingv1.ServingV1Interface, error) {
+ if servingClient == nil {
+ if knServingClient, err := NewKnativeServingClient(cfg); err != nil {
+ return nil, err
+ } else {
+ servingClient = knServingClient
+ }
+ }
+ return servingClient, nil
+func GetKnativeEventingClient(cfg *rest.Config) (clienteventingv1.EventingV1Interface, error) {
+ if eventingClient == nil {
+ if knEventingClient, err := NewKnativeEventingClient(cfg); err != nil {
+ return nil, err
+ } else {
+ eventingClient = knEventingClient
+ }
+ }
+ return eventingClient, nil
+func NewKnativeServingClient(cfg *rest.Config) (*clientservingv1.ServingV1Client, error) {
+ return clientservingv1.NewForConfig(cfg)
+func NewKnativeEventingClient(cfg *rest.Config) (*clienteventingv1.EventingV1Client, error) {
+ return clienteventingv1.NewForConfig(cfg)
+func GetKnativeAvailability(cfg *rest.Config) (*Availability, error) {
+ if cli, err := utils.GetDiscoveryClient(cfg); err != nil {
+ return nil, err
+ } else {
+ apiList, err := cli.ServerGroups()
+ if err != nil {
+ return nil, err
+ }
+ result := new(Availability)
+ for _, group := range apiList.Groups {
+ if group.Name == knativeServingGroup {
+ result.Serving = true
+ }
+ if group.Name == knativeEventingGroup {
+ result.Eventing = true
+ }
+ }
+ return result, nil
+ }
+// getRemotePlatform returns the remote platfrom referred by a SonataFlowClusterPlatform
+func getRemotePlatform(pl *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, error) {
+ if pl.Status.ClusterPlatformRef != nil {
+ // Find the platform referred by the cluster platform
+ platform := &operatorapi.SonataFlowPlatform{}
+ if err := utils.GetClient().Get(context.TODO(), types.NamespacedName{Namespace: pl.Status.ClusterPlatformRef.PlatformRef.Namespace, Name: pl.Status.ClusterPlatformRef.PlatformRef.Name}, platform); err != nil {
+ return nil, fmt.Errorf("error reading the platform referred by the cluster platform")
+ }
+ return platform, nil
+ }
+ return nil, nil
+func getDestinationWithNamespace(dest *duckv1.Destination, namespace string) *duckv1.Destination {
+ if dest != nil && dest.Ref != nil && len(dest.Ref.Namespace) == 0 {
+ dest.Ref.Namespace = namespace
+ }
+ return dest
+func ValidateBroker(name, namespace string) error {
+ broker := &eventingv1.Broker{}
+ if err := utils.GetClient().Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, broker); err != nil {
+ if errors.IsNotFound(err) {
+ return fmt.Errorf("broker %s in namespace %s does not exist", name, namespace)
+ }
+ return err
+ }
+ cond := broker.Status.GetCondition(apis.ConditionReady)
+ if cond != nil && cond.Status == corev1.ConditionTrue {
+ return nil
+ }
+ return fmt.Errorf("broker %s in namespace %s is not ready", name, namespace)
+func GetWorkflowSink(workflow *operatorapi.SonataFlow, pl *operatorapi.SonataFlowPlatform) (*duckv1.Destination, error) {
+ if workflow == nil {
+ return nil, nil
+ }
+ if workflow.Spec.Sink != nil {
+ return getDestinationWithNamespace(workflow.Spec.Sink, workflow.Namespace), nil
+ }
+ if pl != nil && pl.Spec.Eventing != nil && pl.Spec.Eventing.Broker != nil {
+ // no sink defined in the workflow, use the platform broker
+ return getDestinationWithNamespace(pl.Spec.Eventing.Broker, pl.Namespace), nil
+ }
+ // Find the remote platform referred by the cluster platform
+ platform, err := getRemotePlatform(pl)
+ if err != nil {
+ return nil, err
+ }
+ if platform != nil && platform.Spec.Eventing != nil && platform.Spec.Eventing.Broker != nil {
+ return getDestinationWithNamespace(platform.Spec.Eventing.Broker, platform.Namespace), nil
+ }
+ return nil, nil
+func IsKnativeBroker(kRef *duckv1.KReference) bool {
+ return kRef.APIVersion == knativeEventingAPIVersion && kRef.Kind == knativeBrokerKind
+func SaveKnativeData(dest *corev1.PodSpec, source *corev1.PodSpec) {
+ for _, volume := range source.Volumes {
+ if volume.Name == knativeBundleVolume {
+ kubeutil.AddOrReplaceVolume(dest, volume)
+ break
+ }
+ }
+ visitContainers(source, func(container *corev1.Container) {
+ visitContainers(dest, func(destContainer *corev1.Container) {
+ for _, mount := range container.VolumeMounts {
+ if mount.Name == knativeBundleVolume {
+ kubeutil.AddOrReplaceVolumeMount(destContainer, mount)
+ break
+ }
+ }
+ for _, env := range container.Env {
+ if env.Name == kSink || env.Name == kCeOverRides {
+ kubeutil.AddOrReplaceEnvVar(destContainer, env)
+ }
+ }
+ })
+ })
+func moveKnativeVolumeToEnd(vols []corev1.Volume) {
+ for i := 0; i < len(vols)-1; i++ {
+ if vols[i].Name == knativeBundleVolume {
+ vols[i], vols[i+1] = vols[i+1], vols[i]
+ }
+ }
+func moveKnativeVolumeMountToEnd(mounts []corev1.VolumeMount) {
+ for i := 0; i < len(mounts)-1; i++ {
+ if mounts[i].Name == knativeBundleVolume {
+ mounts[i], mounts[i+1] = mounts[i+1], mounts[i]
+ }
+ }
+// Knative Sinkbinding injects K_SINK env, a volume and volume mount. The volume and volume mount
+// must be in the end of the array to avoid repeadly restarting of the workflow pod
+func RestoreKnativeVolumeAndVolumeMount(podSpec *corev1.PodSpec) {
+ moveKnativeVolumeToEnd(podSpec.Volumes)
+ visitContainers(podSpec, func(container *corev1.Container) {
+ moveKnativeVolumeMountToEnd(container.VolumeMounts)
+ })
+// containerVisitor is called with each container
+type containerVisitor func(container *corev1.Container)
+// visitContainers invokes the visitor function for every container in the given pod template spec
+func visitContainers(podSpec *corev1.PodSpec, visitor containerVisitor) {
+ for i := range podSpec.InitContainers {
+ visitor(&podSpec.InitContainers[i])
+ }
+ for i := range podSpec.Containers {
+ visitor(&podSpec.Containers[i])
+ }
+ for i := range podSpec.EphemeralContainers {
+ visitor((*corev1.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon))
+ }
+// if a trigger is changed and it has namespace different from the platform is changed, reconcile the parent SonataFlowPlatform in the cluster.
+func MapTriggerToPlatformRequests(ctx context.Context, object client.Object) []reconcile.Request {
+ if trigger, ok := object.(*eventingv1.Trigger); ok {
+ nameFound := ""
+ namespaceFound := ""
+ for k, v := range trigger.GetLabels() {
+ if k == workflowproj.LabelApp {
+ nameFound = v
+ } else if k == workflowproj.LabelAppNamespace {
+ namespaceFound = v
+ }
+ }
+ if len(nameFound) > 0 && len(namespaceFound) > 0 && namespaceFound != trigger.Namespace {
+ return []reconcile.Request{reconcile.Request{NamespacedName: types.NamespacedName{Name: nameFound, Namespace: namespaceFound}}}
+ }
+ }
+ return nil
+// Does the sinkbinding completed K_SINK injection?
+func CheckKSinkInjected(name, namespace string) (bool, error) {
+ sb := &sourcesv1.SinkBinding{}
+ if err := utils.GetClient().Get(context.TODO(), types.NamespacedName{Name: fmt.Sprintf("%s-sb", name), Namespace: namespace}, sb); err != nil {
+ if errors.IsNotFound(err) {
+ return false, nil // deployment hasn't been created yet
+ }
+ return false, err
+ }
+ cond := sb.Status.GetCondition(apis.ConditionType(knativeSinkProvided))
+ if cond != nil && cond.Status == corev1.ConditionTrue {
+ return true, nil
+ }
+ return false, nil // K_SINK has not been injected yet
diff --git a/packages/sonataflow-operator/container-builder/cleaner/test_utils.go b/packages/sonataflow-operator/internal/controller/monitoring/monitoring.go
similarity index 55%
rename from packages/sonataflow-operator/container-builder/cleaner/test_utils.go
rename to packages/sonataflow-operator/internal/controller/monitoring/monitoring.go
index 5c002c95e14..9aff6a5e928 100644
--- a/packages/sonataflow-operator/container-builder/cleaner/test_utils.go
+++ b/packages/sonataflow-operator/internal/controller/monitoring/monitoring.go
@@ -17,19 +17,37 @@
* under the License.
-package cleaner
+package monitoring
import (
- "testing"
+ "k8s.io/client-go/rest"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/common"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
- "github.com/stretchr/testify/assert"
+const (
+ prometheusGroup = "monitoring.coreos.com"
-func CheckRepositoriesSize(t *testing.T, size int, registryContainer common.RegistryContainer) []string {
- repos, err := registryContainer.GetRepositories()
- assert.Nil(t, err, "Error calling GetRepositories()")
- assert.True(t, len(repos) == size)
- return repos
+func GetPrometheusAvailability(cfg *rest.Config) (bool, error) {
+ cli, err := utils.GetDiscoveryClient(cfg)
+ if err != nil {
+ return false, err
+ }
+ apiList, err := cli.ServerGroups()
+ if err != nil {
+ return false, err
+ }
+ for _, group := range apiList.Groups {
+ if group.Name == prometheusGroup {
+ return true, nil
+ }
+ }
+ return false, nil
+func IsMonitoringEnabled(pl *operatorapi.SonataFlowPlatform) bool {
+ return pl != nil && pl.Spec.Monitoring != nil && pl.Spec.Monitoring.Enabled
diff --git a/packages/sonataflow-operator/controllers/openshift/openshift.go b/packages/sonataflow-operator/internal/controller/openshift/openshift.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/openshift/openshift.go
rename to packages/sonataflow-operator/internal/controller/openshift/openshift.go
diff --git a/packages/sonataflow-operator/controllers/platform/action.go b/packages/sonataflow-operator/internal/controller/platform/action.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/platform/action.go
rename to packages/sonataflow-operator/internal/controller/platform/action.go
index 563a7d10905..fc1793b1b74 100644
--- a/packages/sonataflow-operator/controllers/platform/action.go
+++ b/packages/sonataflow-operator/internal/controller/platform/action.go
@@ -22,9 +22,10 @@ package platform
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
+ corev1 "k8s.io/api/core/v1"
v08 "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
// Action --.
@@ -38,7 +39,7 @@ type Action interface {
CanHandle(platform *v08.SonataFlowPlatform) bool
// executes the handling function
- Handle(ctx context.Context, platform *v08.SonataFlowPlatform) (*v08.SonataFlowPlatform, error)
+ Handle(ctx context.Context, platform *v08.SonataFlowPlatform) (*v08.SonataFlowPlatform, *corev1.Event, error)
type baseAction struct {
diff --git a/packages/sonataflow-operator/controllers/platform/create.go b/packages/sonataflow-operator/internal/controller/platform/create.go
similarity index 92%
rename from packages/sonataflow-operator/controllers/platform/create.go
rename to packages/sonataflow-operator/internal/controller/platform/create.go
index cdd0d64e6bd..1bc64831e52 100644
--- a/packages/sonataflow-operator/controllers/platform/create.go
+++ b/packages/sonataflow-operator/internal/controller/platform/create.go
@@ -22,6 +22,8 @@ package platform
import (
+ corev1 "k8s.io/api/core/v1"
v08 "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
@@ -43,9 +45,9 @@ func (action *createAction) CanHandle(platform *v08.SonataFlowPlatform) bool {
return platform.Status.IsCreating()
-func (action *createAction) Handle(ctx context.Context, platform *v08.SonataFlowPlatform) (*v08.SonataFlowPlatform, error) {
+func (action *createAction) Handle(ctx context.Context, platform *v08.SonataFlowPlatform) (*v08.SonataFlowPlatform, *corev1.Event, error) {
//TODO: Perform the actions needed for the Platform creation
- return platform, nil
+ return platform, nil, nil
diff --git a/packages/sonataflow-operator/controllers/platform/platformutils.go b/packages/sonataflow-operator/internal/controller/platform/defaults.go
similarity index 69%
rename from packages/sonataflow-operator/controllers/platform/platformutils.go
rename to packages/sonataflow-operator/internal/controller/platform/defaults.go
index 6f401d77b8e..ad3ebcf7a85 100644
--- a/packages/sonataflow-operator/controllers/platform/platformutils.go
+++ b/packages/sonataflow-operator/internal/controller/platform/defaults.go
@@ -21,50 +21,54 @@ package platform
import (
- "regexp"
- "strings"
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/klog/v2"
- ctrl "sigs.k8s.io/controller-runtime/pkg/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/klog/v2"
+ ctrl "sigs.k8s.io/controller-runtime/pkg/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
-var builderDockerfileFromRE = regexp.MustCompile(`FROM (.*) AS builder`)
+const defaultSonataFlowPlatformName = "sonataflow-platform"
-// ResourceCustomizer can be used to inject code that changes the objects before they are created.
-type ResourceCustomizer func(object ctrl.Object) ctrl.Object
+func CreateOrUpdateWithDefaults(ctx context.Context, p *operatorapi.SonataFlowPlatform, verbose bool) error {
+ // update missing fields in the resource
+ if p.Status.Cluster == "" || utils.IsOpenShift() {
+ p.Status.Cluster = operatorapi.PlatformClusterOpenShift
+ p.Spec.Build.Config.BuildStrategy = operatorapi.PlatformBuildStrategy
+ }
+ if p.Status.Cluster == "" || !utils.IsOpenShift() {
+ p.Status.Cluster = operatorapi.PlatformClusterKubernetes
+ p.Spec.Build.Config.BuildStrategy = operatorapi.OperatorBuildStrategy
+ }
-func configureRegistry(ctx context.Context, c client.Client, p *operatorapi.SonataFlowPlatform, verbose bool) error {
- if p.Spec.Build.Config.BuildStrategy == operatorapi.PlatformBuildStrategy && p.Status.Cluster == operatorapi.PlatformClusterOpenShift {
- p.Spec.Build.Config.Registry = operatorapi.RegistrySpec{}
- klog.V(log.D).InfoS("Platform registry not set and ignored on openshift cluster")
- return nil
+ err := setPlatformDefaults(p, verbose)
+ if err != nil {
+ return err
- if p.Spec.Build.Config.Registry.Address == "" && p.Status.Cluster == operatorapi.PlatformClusterKubernetes {
- // try KEP-1755
- address, err := GetRegistryAddress(ctx, c)
- if err != nil && verbose {
- klog.V(log.E).ErrorS(err, "Cannot find a registry where to push images via KEP-1755")
- } else if err == nil && address != nil {
- p.Spec.Build.Config.Registry.Address = *address
- }
+ err = configureRegistry(ctx, p, verbose)
+ if err != nil {
+ return err
- klog.V(log.D).InfoS("Final Registry Address", "address", p.Spec.Build.Config.Registry.Address)
- return nil
+ if verbose && p.Spec.Build.Config.Timeout.Duration != 0 {
+ klog.V(log.I).InfoS("Maven Timeout set", "timeout", p.Spec.Build.Config.Timeout.Duration)
+ }
+ return createPlatformIfNotExists(ctx, p)
func setPlatformDefaults(p *operatorapi.SonataFlowPlatform, verbose bool) error {
@@ -137,11 +141,32 @@ func setStatusAdditionalInfo(platform *operatorapi.SonataFlowPlatform) {
platform.Status.Info["goOS"] = runtime.GOOS
-// GetRegistryAddress KEP-1755
+func configureRegistry(ctx context.Context, p *operatorapi.SonataFlowPlatform, verbose bool) error {
+ if p.Spec.Build.Config.BuildStrategy == operatorapi.PlatformBuildStrategy && p.Status.Cluster == operatorapi.PlatformClusterOpenShift {
+ p.Spec.Build.Config.Registry = operatorapi.RegistrySpec{}
+ klog.V(log.D).InfoS("Platform registry not set and ignored on openshift cluster")
+ return nil
+ }
+ if p.Spec.Build.Config.Registry.Address == "" && p.Status.Cluster == operatorapi.PlatformClusterKubernetes {
+ // try KEP-1755
+ address, err := getRegistryAddress(ctx)
+ if err != nil && verbose {
+ klog.V(log.E).ErrorS(err, "Cannot find a registry where to push images via KEP-1755")
+ } else if err == nil && address != nil {
+ p.Spec.Build.Config.Registry.Address = *address
+ }
+ }
+ klog.V(log.D).InfoS("Final Registry Address", "address", p.Spec.Build.Config.Registry.Address)
+ return nil
+// getRegistryAddress KEP-1755
// https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
-func GetRegistryAddress(ctx context.Context, c client.Client) (*string, error) {
+func getRegistryAddress(ctx context.Context) (*string, error) {
config := corev1.ConfigMap{}
- err := c.Get(ctx, ctrl.ObjectKey{Namespace: "kube-public", Name: "local-registry-hosting"}, &config)
+ err := utils.GetClient().Get(ctx, ctrl.ObjectKey{Namespace: "kube-public", Name: "local-registry-hosting"}, &config)
if err != nil {
if k8serrors.IsNotFound(err) {
return nil, nil
@@ -158,21 +183,26 @@ func GetRegistryAddress(ctx context.Context, c client.Client) (*string, error) {
return nil, nil
-// GetCustomizedBuilderDockerfile gets the Dockerfile as defined in the default platform ConfigMap, apply any custom requirements and return.
-func GetCustomizedBuilderDockerfile(dockerfile string, platform operatorapi.SonataFlowPlatform) string {
- if len(platform.Spec.Build.Config.BaseImage) > 0 {
- dockerfile = strings.Replace(dockerfile, GetFromImageTagDockerfile(dockerfile), platform.Spec.Build.Config.BaseImage, 1)
+func createPlatformIfNotExists(ctx context.Context, p *operatorapi.SonataFlowPlatform) error {
+ newPlt := operatorapi.SonataFlowPlatform{}
+ err := utils.GetClient().Get(ctx, ctrl.ObjectKey{Namespace: p.Namespace, Name: p.Name}, &newPlt)
+ if errors.IsNotFound(err) {
+ klog.V(log.D).ErrorS(err, "Platform not found, creating it")
+ return utils.GetClient().Create(ctx, p)
- return dockerfile
-func GetFromImageTagDockerfile(dockerfile string) string {
- res := builderDockerfileFromRE.FindAllStringSubmatch(dockerfile, 1)
- return strings.Trim(res[0][1], " ")
+ // FIXME: We should never update the object within methods like this, but let the actual reconciler to do it
+ // https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator/issues/538
+ if err = SafeUpdatePlatformStatus(ctx, p); err != nil {
+ klog.V(log.E).ErrorS(err, "Error updating the platform status")
+ return err
+ }
-// ReplaceFromImageTagDockerfile replaces the "FROM" clause from the given dockerfile with the given fromReplacement.
-// For example: "FROM myimage:latest AS builder"
-func ReplaceFromImageTagDockerfile(dockerfile string, fromReplacement string) string {
- return string(builderDockerfileFromRE.ReplaceAll([]byte(dockerfile), []byte(fromReplacement)))
+ // FIXME: We should never update the object within methods like this, but let the actual reconciler to do it
+ // https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator/issues/538
+ if err = SafeUpdatePlatform(ctx, p); err != nil {
+ klog.V(log.E).ErrorS(err, "Error updating the platform")
+ return err
+ }
+ return nil
diff --git a/packages/sonataflow-operator/controllers/platform/initialize.go b/packages/sonataflow-operator/internal/controller/platform/initialize.go
similarity index 93%
rename from packages/sonataflow-operator/controllers/platform/initialize.go
rename to packages/sonataflow-operator/internal/controller/platform/initialize.go
index 756e80a5b28..b4abd3f4f6b 100644
--- a/packages/sonataflow-operator/controllers/platform/initialize.go
+++ b/packages/sonataflow-operator/internal/controller/platform/initialize.go
@@ -22,9 +22,10 @@ package platform
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -61,24 +62,24 @@ func (action *initializeAction) CanHandle(platform *operatorapi.SonataFlowPlatfo
return platform.Status.GetTopLevelCondition().IsUnknown() || platform.Status.IsDuplicated()
-func (action *initializeAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, error) {
+func (action *initializeAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, *corev1.Event, error) {
duplicate, err := action.isPrimaryDuplicate(ctx, platform)
if err != nil {
- return nil, err
+ return nil, nil, err
if duplicate {
// another platform already present in the namespace
if !platform.Status.IsDuplicated() {
plat := platform.DeepCopy()
plat.Status.Manager().MarkFalse(api.SucceedConditionType, operatorapi.PlatformDuplicatedReason, "")
- return plat, nil
+ return plat, nil, nil
- return nil, nil
+ return nil, nil, nil
- if err = ConfigureDefaults(ctx, action.client, platform, true); err != nil {
- return nil, err
+ if err = CreateOrUpdateWithDefaults(ctx, platform, true); err != nil {
+ return nil, nil, err
// nolint: staticcheck
if platform.Spec.Build.Config.BuildStrategy == operatorapi.OperatorBuildStrategy {
@@ -88,13 +89,13 @@ func (action *initializeAction) Handle(ctx context.Context, platform *operatorap
klog.V(log.I).InfoS("Create persistent volume claim")
err := createPersistentVolumeClaim(ctx, action.client, platform)
if err != nil {
- return nil, err
+ return nil, nil, err
// Create the Kaniko warmer pod that caches the base image into the SonataFlow builder volume
klog.V(log.I).InfoS("Create Kaniko cache warmer pod")
err = createKanikoCacheWarmerPod(ctx, action.client, platform)
if err != nil {
- return nil, err
+ return nil, nil, err
platform.Status.Manager().MarkFalse(api.SucceedConditionType, operatorapi.PlatformWarmingReason, "")
} else {
@@ -106,7 +107,7 @@ func (action *initializeAction) Handle(ctx context.Context, platform *operatorap
platform.Status.Version = metadata.SpecVersion
- return platform, nil
+ return platform, nil, nil
// TODO: move this to Kaniko packages based on the platform context
@@ -131,14 +132,14 @@ func createPersistentVolumeClaim(ctx context.Context, client client.Client, plat
Namespace: platform.Namespace,
Name: pvcName,
Labels: map[string]string{
- "app": "sonataflow-operator",
+ "app": "kogito-serverless-operator",
Spec: corev1.PersistentVolumeClaimSpec{
AccessModes: []corev1.PersistentVolumeAccessMode{
- Resources: corev1.ResourceRequirements{
+ Resources: corev1.VolumeResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceStorage: volumeSize,
diff --git a/packages/sonataflow-operator/controllers/platform/k8s.go b/packages/sonataflow-operator/internal/controller/platform/k8s.go
similarity index 54%
rename from packages/sonataflow-operator/controllers/platform/k8s.go
rename to packages/sonataflow-operator/internal/controller/platform/k8s.go
index e62a89d886e..db90d01a825 100644
--- a/packages/sonataflow-operator/controllers/platform/k8s.go
+++ b/packages/sonataflow-operator/internal/controller/platform/k8s.go
@@ -21,21 +21,28 @@ package platform
import (
+ "fmt"
+ "k8s.io/klog/v2"
+ "github.com/imdario/mergo"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/variables"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/variables"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/klog/v2"
- "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
// NewServiceAction returns an action that deploys the services.
@@ -55,37 +62,40 @@ func (action *serviceAction) CanHandle(platform *operatorapi.SonataFlowPlatform)
return platform.Status.IsReady()
-func (action *serviceAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, error) {
+func (action *serviceAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, *corev1.Event, error) {
// Refresh applied configuration
- if err := ConfigureDefaults(ctx, action.client, platform, false); err != nil {
- return nil, err
+ if err := CreateOrUpdateWithDefaults(ctx, platform, false); err != nil {
+ return nil, nil, err
psDI := services.NewDataIndexHandler(platform)
if psDI.IsServiceSetInSpec() {
- if err := createOrUpdateServiceComponents(ctx, action.client, platform, psDI); err != nil {
- return nil, err
+ if event, err := createOrUpdateServiceComponents(ctx, action.client, platform, psDI); err != nil {
+ return nil, event, err
psJS := services.NewJobServiceHandler(platform)
if psJS.IsServiceSetInSpec() {
- if err := createOrUpdateServiceComponents(ctx, action.client, platform, psJS); err != nil {
- return nil, err
+ if event, err := createOrUpdateServiceComponents(ctx, action.client, platform, psJS); err != nil {
+ return nil, event, err
- return platform, nil
+ return platform, nil, nil
-func createOrUpdateServiceComponents(ctx context.Context, client client.Client, platform *operatorapi.SonataFlowPlatform, psh services.PlatformServiceHandler) error {
+func createOrUpdateServiceComponents(ctx context.Context, client client.Client, platform *operatorapi.SonataFlowPlatform, psh services.PlatformServiceHandler) (*corev1.Event, error) {
if err := createOrUpdateConfigMap(ctx, client, platform, psh); err != nil {
- return err
+ return nil, err
if err := createOrUpdateDeployment(ctx, client, platform, psh); err != nil {
- return err
+ return nil, err
+ }
+ if err := createOrUpdateService(ctx, client, platform, psh); err != nil {
+ return nil, err
- return createOrUpdateService(ctx, client, platform, psh)
+ return createOrUpdateKnativeResources(ctx, client, platform, psh)
func createOrUpdateDeployment(ctx context.Context, client client.Client, platform *operatorapi.SonataFlowPlatform, psh services.PlatformServiceHandler) error {
@@ -106,7 +116,7 @@ func createOrUpdateDeployment(ctx context.Context, client client.Client, platfor
liveProbe := readyProbe.DeepCopy()
liveProbe.ProbeHandler.HTTPGet.Path = constants.QuarkusHealthPathLive
imageTag := psh.GetServiceImageName(constants.PersistenceTypeEphemeral)
- dataDeployContainer := &corev1.Container{
+ serviceContainer := &corev1.Container{
Image: imageTag,
ImagePullPolicy: kubeutil.GetImagePullPolicy(imageTag),
Env: psh.GetEnvironmentVariables(),
@@ -115,7 +125,7 @@ func createOrUpdateDeployment(ctx context.Context, client client.Client, platfor
LivenessProbe: liveProbe,
Ports: []corev1.ContainerPort{
- Name: utils.HttpScheme,
+ Name: utils.DefaultServicePortName,
ContainerPort: int32(constants.DefaultHTTPWorkflowPortInt),
Protocol: corev1.ProtocolTCP,
@@ -127,22 +137,30 @@ func createOrUpdateDeployment(ctx context.Context, client client.Client, platfor
- dataDeployContainer = psh.ConfigurePersistence(dataDeployContainer)
- dataDeployContainer, err := psh.MergeContainerSpec(dataDeployContainer)
+ serviceContainer = psh.ConfigurePersistence(serviceContainer)
+ serviceContainer, err := psh.MergeContainerSpec(serviceContainer)
if err != nil {
return err
// immutable
- dataDeployContainer.Name = psh.GetContainerName()
+ serviceContainer.Name = psh.GetContainerName()
replicas := psh.GetReplicaCount()
+ kSinkInjected, err := psh.CheckKSinkInjected()
+ if err != nil {
+ return nil
+ }
+ if !kSinkInjected {
+ replicas = 0 // Wait for K_SINK injection
+ }
lbl, selectorLbl := getLabels(platform, psh)
- dataDeploySpec := appsv1.DeploymentSpec{
+ serviceDeploymentSpec := appsv1.DeploymentSpec{
Selector: &metav1.LabelSelector{
MatchLabels: selectorLbl,
Replicas: &replicas,
+ Strategy: psh.GetDeploymentStrategy(),
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Labels: lbl,
@@ -164,33 +182,38 @@ func createOrUpdateDeployment(ctx context.Context, client client.Client, platfor
- dataDeploySpec.Template.Spec, err = psh.MergePodSpec(dataDeploySpec.Template.Spec)
+ serviceDeploymentSpec.Template.Spec, err = psh.MergePodSpec(serviceDeploymentSpec.Template.Spec)
if err != nil {
return err
- kubeutil.AddOrReplaceContainer(dataDeployContainer.Name, *dataDeployContainer, &dataDeploySpec.Template.Spec)
+ kubeutil.AddOrReplaceContainer(serviceContainer.Name, *serviceContainer, &serviceDeploymentSpec.Template.Spec)
- dataDeploy := &appsv1.Deployment{
+ serviceDeployment := &appsv1.Deployment{
ObjectMeta: metav1.ObjectMeta{
Namespace: platform.Namespace,
Name: psh.GetServiceName(),
Labels: lbl,
- if err := controllerutil.SetControllerReference(platform, dataDeploy, client.Scheme()); err != nil {
+ if err := controllerutil.SetControllerReference(platform, serviceDeployment, client.Scheme()); err != nil {
return err
// Create or Update the deployment
- if op, err := controllerutil.CreateOrUpdate(ctx, client, dataDeploy, func() error {
- dataDeploy.Spec = dataDeploySpec
+ if op, err := controllerutil.CreateOrUpdate(ctx, client, serviceDeployment, func() error {
+ knative.SaveKnativeData(&serviceDeploymentSpec.Template.Spec, &serviceDeployment.Spec.Template.Spec)
+ err := mergo.Merge(&(serviceDeployment.Spec), serviceDeploymentSpec, mergo.WithOverride)
+ // mergo.Merge algorithm is not setting the serviceDeployment.Spec.Replicas when the
+ // *serviceDeploymentSpec.Replicas is 0. Making impossible to scale to zero. Ensure the value.
+ serviceDeployment.Spec.Replicas = serviceDeploymentSpec.Replicas
+ if err != nil {
+ return err
+ }
return nil
}); err != nil {
return err
} else {
klog.V(log.I).InfoS("Deployment successfully reconciled", "operation", op)
return nil
@@ -199,7 +222,7 @@ func createOrUpdateService(ctx context.Context, client client.Client, platform *
dataSvcSpec := corev1.ServiceSpec{
Ports: []corev1.ServicePort{
- Name: utils.HttpScheme,
+ Name: utils.DefaultServicePortName,
Protocol: corev1.ProtocolTCP,
Port: 80,
TargetPort: variables.DefaultHTTPWorkflowPortIntStr,
@@ -233,8 +256,13 @@ func createOrUpdateService(ctx context.Context, client client.Client, platform *
func getLabels(platform *operatorapi.SonataFlowPlatform, psh services.PlatformServiceHandler) (map[string]string, map[string]string) {
lbl := map[string]string{
- workflowproj.LabelApp: platform.Name,
- workflowproj.LabelService: psh.GetServiceName(),
+ workflowproj.LabelApp: platform.Name,
+ workflowproj.LabelAppNamespace: platform.Namespace,
+ workflowproj.LabelService: psh.GetServiceName(),
+ workflowproj.LabelK8SName: psh.GetContainerName(),
+ workflowproj.LabelK8SComponent: psh.GetServiceName(),
+ workflowproj.LabelK8SPartOF: platform.Name,
+ workflowproj.LabelK8SManagedBy: "sonataflow-operator",
selectorLbl := map[string]string{
workflowproj.LabelService: psh.GetServiceName(),
@@ -248,6 +276,7 @@ func createOrUpdateConfigMap(ctx context.Context, client client.Client, platform
return err
lbl, _ := getLabels(platform, psh)
+ dataStr := handler.Build()
configMap := &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: psh.GetServiceCmName(),
@@ -255,7 +284,7 @@ func createOrUpdateConfigMap(ctx context.Context, client client.Client, platform
Labels: lbl,
Data: map[string]string{
- workflowproj.ApplicationPropertiesFileName: handler.Build(),
+ workflowproj.ApplicationPropertiesFileName: dataStr,
if err := controllerutil.SetControllerReference(platform, configMap, client.Scheme()); err != nil {
@@ -264,7 +293,7 @@ func createOrUpdateConfigMap(ctx context.Context, client client.Client, platform
// Create or Update the service
if op, err := controllerutil.CreateOrUpdate(ctx, client, configMap, func() error {
- configMap.Data[workflowproj.ApplicationPropertiesFileName] = handler.WithUserProperties(configMap.Data[workflowproj.ApplicationPropertiesFileName]).Build()
+ configMap.Data[workflowproj.ApplicationPropertiesFileName] = handler.WithUserProperties(dataStr).Build()
return nil
}); err != nil {
@@ -272,6 +301,94 @@ func createOrUpdateConfigMap(ctx context.Context, client client.Client, platform
} else {
klog.V(log.I).InfoS("ConfigMap successfully reconciled", "operation", op)
+ return nil
+func setSonataFlowPlatformFinalizer(ctx context.Context, c client.Client, platform *operatorapi.SonataFlowPlatform) error {
+ if !controllerutil.ContainsFinalizer(platform, constants.TriggerFinalizer) {
+ controllerutil.AddFinalizer(platform, constants.TriggerFinalizer)
+ return c.Update(ctx, platform)
+ }
return nil
+func createOrUpdateKnativeResources(ctx context.Context, client client.Client, platform *operatorapi.SonataFlowPlatform, psh services.PlatformServiceHandler) (*corev1.Event, error) {
+ lbl, _ := getLabels(platform, psh)
+ objs, event, err := psh.GenerateKnativeResources(platform, lbl)
+ if err != nil {
+ return event, err
+ }
+ // Create or update triggers
+ for _, obj := range objs {
+ if triggerDef, ok := obj.(*eventingv1.Trigger); ok {
+ if platform.Namespace == obj.GetNamespace() {
+ if err := controllerutil.SetControllerReference(platform, obj, client.Scheme()); err != nil {
+ return nil, err
+ }
+ } else {
+ // This is for Knative trigger in a different namespace
+ // Set the finalizer for trigger cleanup when the platform is deleted
+ if err := setSonataFlowPlatformFinalizer(ctx, client, platform); err != nil {
+ return nil, err
+ }
+ }
+ trigger := &eventingv1.Trigger{
+ ObjectMeta: triggerDef.ObjectMeta,
+ }
+ _, err := controllerutil.CreateOrUpdate(ctx, client, trigger, func() error {
+ trigger.Spec = triggerDef.Spec
+ return nil
+ })
+ if err != nil {
+ return nil, err
+ }
+ addToSonataFlowPlatformTriggerList(platform, trigger)
+ }
+ }
+ if err := SafeUpdatePlatformStatus(ctx, platform); err != nil {
+ return nil, err
+ }
+ // Create or update sinkbindings
+ for _, obj := range objs {
+ if sbDef, ok := obj.(*sourcesv1.SinkBinding); ok {
+ if err := controllerutil.SetControllerReference(platform, obj, client.Scheme()); err != nil {
+ return nil, err
+ }
+ sinkBinding := &sourcesv1.SinkBinding{
+ ObjectMeta: sbDef.ObjectMeta,
+ }
+ _, err = controllerutil.CreateOrUpdate(ctx, client, sinkBinding, func() error {
+ sinkBinding.Spec = sbDef.Spec
+ return nil
+ })
+ if err != nil {
+ return nil, err
+ }
+ kSinkInjected, err := psh.CheckKSinkInjected()
+ if err != nil {
+ return nil, err
+ }
+ if !kSinkInjected {
+ msg := fmt.Sprintf("waiting for K_SINK injection for service %s to complete", psh.GetServiceName())
+ event := &corev1.Event{
+ Type: corev1.EventTypeWarning,
+ Reason: services.WaitingKnativeEventing,
+ Message: msg,
+ }
+ return event, fmt.Errorf(msg)
+ }
+ }
+ }
+ return nil, nil
+func addToSonataFlowPlatformTriggerList(platform *operatorapi.SonataFlowPlatform, trigger *eventingv1.Trigger) {
+ for _, t := range platform.Status.Triggers {
+ if t.Name == trigger.Name && t.Namespace == trigger.Namespace {
+ return // trigger already exists
+ }
+ }
+ platform.Status.Triggers = append(platform.Status.Triggers, operatorapi.SonataFlowPlatformTriggerRef{Name: trigger.Name, Namespace: trigger.Namespace})
diff --git a/packages/sonataflow-operator/controllers/platform/kaniko_cache.go b/packages/sonataflow-operator/internal/controller/platform/kaniko_cache.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/platform/kaniko_cache.go
rename to packages/sonataflow-operator/internal/controller/platform/kaniko_cache.go
index e7ad2d54c61..1bdbfa5c38b 100644
--- a/packages/sonataflow-operator/controllers/platform/kaniko_cache.go
+++ b/packages/sonataflow-operator/internal/controller/platform/kaniko_cache.go
@@ -22,12 +22,13 @@ package platform
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
v08 "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
diff --git a/packages/sonataflow-operator/controllers/platform/monitor.go b/packages/sonataflow-operator/internal/controller/platform/monitor.go
similarity index 91%
rename from packages/sonataflow-operator/controllers/platform/monitor.go
rename to packages/sonataflow-operator/internal/controller/platform/monitor.go
index 71ce092c285..cf957e6e463 100644
--- a/packages/sonataflow-operator/controllers/platform/monitor.go
+++ b/packages/sonataflow-operator/internal/controller/platform/monitor.go
@@ -22,6 +22,7 @@ package platform
import (
+ corev1 "k8s.io/api/core/v1"
@@ -46,7 +47,7 @@ func (action *monitorAction) CanHandle(platform *operatorapi.SonataFlowPlatform)
return platform.Status.IsReady()
-func (action *monitorAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, error) {
+func (action *monitorAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, *corev1.Event, error) {
// Just track the version of the operator in the platform resource
if platform.Status.Version != metadata.SpecVersion {
platform.Status.Version = metadata.SpecVersion
@@ -54,9 +55,9 @@ func (action *monitorAction) Handle(ctx context.Context, platform *operatorapi.S
// Refresh applied configuration
- if err := ConfigureDefaults(ctx, action.client, platform, false); err != nil {
- return nil, err
+ if err := CreateOrUpdateWithDefaults(ctx, platform, false); err != nil {
+ return nil, nil, err
- return platform, nil
+ return platform, nil, nil
diff --git a/packages/sonataflow-operator/controllers/platform/platform.go b/packages/sonataflow-operator/internal/controller/platform/platform.go
similarity index 91%
rename from packages/sonataflow-operator/controllers/platform/platform.go
rename to packages/sonataflow-operator/internal/controller/platform/platform.go
index f01641854ab..c98e6ff9b5a 100644
--- a/packages/sonataflow-operator/controllers/platform/platform.go
+++ b/packages/sonataflow-operator/internal/controller/platform/platform.go
@@ -25,6 +25,7 @@ import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
coordination "k8s.io/api/coordination/v1"
@@ -147,13 +148,41 @@ func getLocalPlatform(ctx context.Context, c ctrl.Client, namespace string, acti
klog.V(log.I).InfoS("Not found a local build platform", "Namespace", namespace)
klog.V(log.I).InfoS("Creating a default SonataFlowPlatform", "Namespace", namespace)
- sfp := newDefaultSonataFlowPlatform(namespace)
- if err = c.Create(ctx, sfp); err != nil {
+ sfp := newEmptySonataFlowPlatform(namespace)
+ if err = CreateOrUpdateWithDefaults(ctx, sfp, false); err != nil {
return nil, err
return sfp, nil
+func newEmptySonataFlowPlatform(namespace string) *operatorapi.SonataFlowPlatform {
+ if utils.IsOpenShift() {
+ return &operatorapi.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{Name: defaultSonataFlowPlatformName, Namespace: namespace},
+ Spec: operatorapi.SonataFlowPlatformSpec{
+ Build: operatorapi.BuildPlatformSpec{
+ Config: operatorapi.BuildPlatformConfig{
+ BuildStrategy: operatorapi.PlatformBuildStrategy,
+ },
+ },
+ },
+ }
+ }
+ return &operatorapi.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{Name: defaultSonataFlowPlatformName, Namespace: namespace},
+ Spec: operatorapi.SonataFlowPlatformSpec{
+ Build: operatorapi.BuildPlatformSpec{
+ Config: operatorapi.BuildPlatformConfig{
+ BuildStrategyOptions: map[string]string{
+ kanikoBuildCacheEnabled: "true",
+ },
+ },
+ },
+ },
+ }
// listPrimaryPlatforms returns all non-secondary platforms installed in a given namespace (only one will be active).
func listPrimaryPlatforms(ctx context.Context, c ctrl.Reader, namespace string) (*operatorapi.SonataFlowPlatformList, error) {
lst, err := listAllPlatforms(ctx, c, namespace)
diff --git a/packages/sonataflow-operator/internal/controller/platform/platformutils.go b/packages/sonataflow-operator/internal/controller/platform/platformutils.go
new file mode 100644
index 00000000000..390d0637daa
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/platform/platformutils.go
@@ -0,0 +1,98 @@
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package platform
+import (
+ "context"
+ "regexp"
+ "strings"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/util/retry"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ ctrl "sigs.k8s.io/controller-runtime/pkg/client"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+var builderDockerfileFromRE = regexp.MustCompile(`FROM (.*) AS builder`)
+// ResourceCustomizer can be used to inject code that changes the objects before they are created.
+type ResourceCustomizer func(object ctrl.Object) ctrl.Object
+// GetCustomizedBuilderDockerfile determines if the default Dockerfile provided by the
+// sonataflow-operator-builder-config_v1_configmap.yaml must be customized to use a different builder base image,
+// before building a workflow.
+// The following ordered criteria are applied:
+// 1) if the current platform has a configured platform.Spec.Build.Config.BaseImage, that base image must be used.
+// 2) if the current sonataflow-operator-controllers-config.yaml has a configured SonataFlowBaseBuilderImageTag, that
+// base image must be used.
+// 3) No customization apply.
+func GetCustomizedBuilderDockerfile(dockerfile string, platform operatorapi.SonataFlowPlatform) string {
+ if len(platform.Spec.Build.Config.BaseImage) > 0 {
+ dockerfile = strings.Replace(dockerfile, GetFromImageTagDockerfile(dockerfile), platform.Spec.Build.Config.BaseImage, 1)
+ } else if len(cfg.GetCfg().SonataFlowBaseBuilderImageTag) > 0 {
+ dockerfile = strings.Replace(dockerfile, GetFromImageTagDockerfile(dockerfile), cfg.GetCfg().SonataFlowBaseBuilderImageTag, 1)
+ }
+ return dockerfile
+func GetFromImageTagDockerfile(dockerfile string) string {
+ res := builderDockerfileFromRE.FindAllStringSubmatch(dockerfile, 1)
+ return strings.Trim(res[0][1], " ")
+// ReplaceFromImageTagDockerfile replaces the "FROM" clause from the given dockerfile with the given fromReplacement.
+// For example: "FROM myimage:latest AS builder"
+func ReplaceFromImageTagDockerfile(dockerfile string, fromReplacement string) string {
+ return string(builderDockerfileFromRE.ReplaceAll([]byte(dockerfile), []byte(fromReplacement)))
+func SafeUpdatePlatform(ctx context.Context, target *operatorapi.SonataFlowPlatform) error {
+ return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+ refreshedInst := &operatorapi.SonataFlowPlatform{}
+ if getErr := utils.GetClient().Get(ctx, types.NamespacedName{Namespace: target.Namespace, Name: target.Name}, refreshedInst); getErr != nil {
+ return getErr
+ }
+ refreshedInst.Spec = target.Spec
+ if updateErr := utils.GetClient().Update(ctx, refreshedInst); updateErr != nil {
+ return updateErr
+ }
+ return nil
+ })
+func SafeUpdatePlatformStatus(ctx context.Context, target *operatorapi.SonataFlowPlatform) error {
+ return retry.RetryOnConflict(retry.DefaultRetry, func() error {
+ refreshedInst := &operatorapi.SonataFlowPlatform{}
+ if getErr := utils.GetClient().Get(ctx, types.NamespacedName{Namespace: target.Namespace, Name: target.Name}, refreshedInst); getErr != nil {
+ return getErr
+ }
+ refreshedInst.Status = target.Status
+ if updateErr := utils.GetClient().Status().Update(ctx, refreshedInst); updateErr != nil {
+ return updateErr
+ }
+ return nil
+ })
diff --git a/packages/sonataflow-operator/internal/controller/platform/platformutils_test.go b/packages/sonataflow-operator/internal/controller/platform/platformutils_test.go
new file mode 100644
index 00000000000..a8208fd517f
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/platform/platformutils_test.go
@@ -0,0 +1,104 @@
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package platform
+import (
+ "os"
+ "regexp"
+ "testing"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/stretchr/testify/assert"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+const dockerFile = "FROM host/namespace/default-test-kie-sonataflow-builder:main AS builder\n\n# ETC, \n\n# ETC, \n\n# ETC"
+func TestSonataFlowBuildController(t *testing.T) {
+ platform := test.GetBasePlatform()
+ dockerfileBytes, err := os.ReadFile("testdata/platformTest.Dockerfile")
+ if err != nil {
+ assert.Fail(t, "Unable to read base Dockerfile")
+ }
+ dockerfile := string(dockerfileBytes)
+ // 1 - Let's verify that the default image is used (for this unit test is docker.io/apache/incubator-kie-sonataflow-builder:main)
+ resDefault := GetCustomizedBuilderDockerfile(dockerfile, *platform)
+ foundDefault, err := regexp.MatchString("FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder", resDefault)
+ assert.NoError(t, err)
+ assert.True(t, foundDefault)
+ // 2 - Let's try to override using the productized image
+ platform.Spec.Build.Config.BaseImage = "registry.access.redhat.com/openshift-serverless-1-tech-preview/logic-swf-builder-rhel8"
+ resProductized := GetCustomizedBuilderDockerfile(dockerfile, *platform)
+ foundProductized, err := regexp.MatchString("FROM registry.access.redhat.com/openshift-serverless-1-tech-preview/logic-swf-builder-rhel8 AS builder", resProductized)
+ assert.NoError(t, err)
+ assert.True(t, foundProductized)
+func TestGetCustomizedBuilderDockerfile_NoBaseImageCustomization(t *testing.T) {
+ sfp := v1alpha08.SonataFlowPlatform{
+ TypeMeta: metav1.TypeMeta{},
+ ObjectMeta: metav1.ObjectMeta{},
+ Spec: v1alpha08.SonataFlowPlatformSpec{},
+ Status: v1alpha08.SonataFlowPlatformStatus{},
+ }
+ customizedDockerfile := GetCustomizedBuilderDockerfile(dockerFile, sfp)
+ assert.Equal(t, dockerFile, customizedDockerfile)
+func TestGetCustomizedBuilderDockerfile_BaseImageCustomizationFromPlatform(t *testing.T) {
+ sfp := v1alpha08.SonataFlowPlatform{
+ TypeMeta: metav1.TypeMeta{},
+ ObjectMeta: metav1.ObjectMeta{},
+ Spec: v1alpha08.SonataFlowPlatformSpec{
+ Build: v1alpha08.BuildPlatformSpec{
+ Template: v1alpha08.BuildTemplate{},
+ Config: v1alpha08.BuildPlatformConfig{
+ BaseImage: "docker.io/apache/platfom-sonataflow-builder:main",
+ },
+ },
+ },
+ Status: v1alpha08.SonataFlowPlatformStatus{},
+ }
+ expectedDockerFile := "FROM docker.io/apache/platfom-sonataflow-builder:main AS builder\n\n# ETC, \n\n# ETC, \n\n# ETC"
+ customizedDockerfile := GetCustomizedBuilderDockerfile(dockerFile, sfp)
+ assert.Equal(t, expectedDockerFile, customizedDockerfile)
+func TestGetCustomizedBuilderDockerfile_BaseImageCustomizationFromControllersConfig(t *testing.T) {
+ sfp := v1alpha08.SonataFlowPlatform{
+ TypeMeta: metav1.TypeMeta{},
+ ObjectMeta: metav1.ObjectMeta{},
+ Spec: v1alpha08.SonataFlowPlatformSpec{},
+ Status: v1alpha08.SonataFlowPlatformStatus{},
+ }
+ _, err := cfg.InitializeControllersCfgAt("../cfg/testdata/controllers-cfg-test.yaml")
+ assert.NoError(t, err)
+ expectedDockerFile := "FROM local/sonataflow-builder:1.0.0 AS builder\n\n# ETC, \n\n# ETC, \n\n# ETC"
+ customizedDockerfile := GetCustomizedBuilderDockerfile(dockerFile, sfp)
+ assert.Equal(t, expectedDockerFile, customizedDockerfile)
diff --git a/packages/sonataflow-operator/controllers/platform/services/properties.go b/packages/sonataflow-operator/internal/controller/platform/services/properties.go
similarity index 78%
rename from packages/sonataflow-operator/controllers/platform/services/properties.go
rename to packages/sonataflow-operator/internal/controller/platform/services/properties.go
index b550595218b..56436e6e537 100644
--- a/packages/sonataflow-operator/controllers/platform/services/properties.go
+++ b/packages/sonataflow-operator/internal/controller/platform/services/properties.go
@@ -24,14 +24,16 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
@@ -161,6 +163,10 @@ func GenerateDataIndexWorkflowProperties(workflow *operatorapi.SonataFlow, platf
props := properties.NewProperties()
props.Set(constants.KogitoProcessDefinitionsEventsEnabled, "false")
props.Set(constants.KogitoProcessInstancesEventsEnabled, "false")
+ sink, err := knative.GetWorkflowSink(workflow, platform)
+ if err != nil {
+ return nil, err
+ }
di := NewDataIndexHandler(platform)
if !profiles.IsDevProfile(workflow) && workflow != nil && workflow.Status.Services != nil && workflow.Status.Services.DataIndexRef != nil {
serviceBaseUrl := workflow.Status.Services.DataIndexRef.Url
@@ -168,10 +174,19 @@ func GenerateDataIndexWorkflowProperties(workflow *operatorapi.SonataFlow, platf
props.Set(constants.KogitoProcessDefinitionsEventsEnabled, "true")
props.Set(constants.KogitoProcessInstancesEventsEnabled, "true")
props.Set(constants.KogitoProcessDefinitionsEventsErrorsEnabled, "true")
- props.Set(constants.KogitoDataIndexHealthCheckEnabled, "true")
- props.Set(constants.KogitoDataIndexURL, serviceBaseUrl)
- props.Set(constants.KogitoProcessDefinitionsEventsURL, serviceBaseUrl+constants.KogitoProcessDefinitionsEventsPath)
- props.Set(constants.KogitoProcessInstancesEventsURL, serviceBaseUrl+constants.KogitoProcessInstancesEventsPath)
+ if sink != nil {
+ props.Set(constants.KogitoProcessDefinitionsEventsConnector, constants.QuarkusHTTP)
+ props.Set(constants.KogitoProcessInstancesEventsConnector, constants.QuarkusHTTP)
+ props.Set(constants.KogitoProcessDefinitionsEventsURL, constants.KnativeInjectedEnvVar)
+ props.Set(constants.KogitoProcessInstancesEventsURL, constants.KnativeInjectedEnvVar)
+ props.Set(constants.KogitoProcessDefinitionsEventsMethod, constants.Post)
+ props.Set(constants.KogitoProcessInstancesEventsMethod, constants.Post)
+ } else {
+ props.Set(constants.KogitoDataIndexHealthCheckEnabled, "true")
+ props.Set(constants.KogitoDataIndexURL, serviceBaseUrl)
+ props.Set(constants.KogitoProcessDefinitionsEventsURL, serviceBaseUrl+constants.KogitoProcessDefinitionsEventsPath)
+ props.Set(constants.KogitoProcessInstancesEventsURL, serviceBaseUrl+constants.KogitoProcessInstancesEventsPath)
+ }
@@ -186,16 +201,26 @@ func GenerateDataIndexWorkflowProperties(workflow *operatorapi.SonataFlow, platf
func GenerateJobServiceWorkflowProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (*properties.Properties, error) {
props := properties.NewProperties()
props.Set(constants.JobServiceRequestEventsConnector, constants.QuarkusHTTP)
- props.Set(constants.JobServiceRequestEventsURL, fmt.Sprintf("%s://localhost/v2/jobs/events", constants.JobServiceURLProtocol))
+ props.Set(constants.JobServiceRequestEventsURL, fmt.Sprintf("%s://localhost%s", constants.DefaultHTTPProtocol, constants.JobServiceJobEventsPath))
+ sink, err := knative.GetWorkflowSink(workflow, platform)
+ if err != nil {
+ return nil, err
+ }
js := NewJobServiceHandler(platform)
if !profiles.IsDevProfile(workflow) && workflow != nil && workflow.Status.Services != nil && workflow.Status.Services.JobServiceRef != nil {
serviceBaseUrl := workflow.Status.Services.JobServiceRef.Url
if js.IsServiceEnabled() && len(serviceBaseUrl) > 0 {
- if workflowdef.HasTimeouts(workflow) {
- props.Set(constants.KogitoJobServiceHealthCheckEnabled, "true")
+ if sink != nil {
+ props.Set(constants.JobServiceRequestEventsURL, constants.KnativeInjectedEnvVar)
+ props.Set(constants.JobServiceRequestEventsConnector, constants.QuarkusHTTP)
+ props.Set(constants.JobServiceRequestEventsMethod, constants.Post)
+ } else {
+ if workflowdef.HasTimeouts(workflow) {
+ props.Set(constants.KogitoJobServiceHealthCheckEnabled, "true")
+ }
+ props.Set(constants.KogitoJobServiceURL, serviceBaseUrl)
+ props.Set(constants.JobServiceRequestEventsURL, serviceBaseUrl+constants.JobServiceJobEventsPath)
- props.Set(constants.KogitoJobServiceURL, serviceBaseUrl)
- props.Set(constants.JobServiceRequestEventsURL, serviceBaseUrl+constants.JobServiceJobEventsPath)
diff --git a/packages/sonataflow-operator/controllers/platform/services/properties_services_test.go b/packages/sonataflow-operator/internal/controller/platform/services/properties_services_test.go
similarity index 89%
rename from packages/sonataflow-operator/controllers/platform/services/properties_services_test.go
rename to packages/sonataflow-operator/internal/controller/platform/services/properties_services_test.go
index 3efed980c33..686022a80ac 100644
--- a/packages/sonataflow-operator/controllers/platform/services/properties_services_test.go
+++ b/packages/sonataflow-operator/internal/controller/platform/services/properties_services_test.go
@@ -20,10 +20,11 @@
package services
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
@@ -103,6 +104,8 @@ func generateJobServiceDeploymentDevProperties() *properties.Properties {
p.Set("quarkus.http.port", "8080")
p.Set("quarkus.kogito.devservices.enabled", "false")
p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`, "false")
+ p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.management.JobServiceLeaderLivenessHealthCheck".enabled`, "true")
+ p.Set("kogito.jobs-service.management.leader-check.expiration-in-seconds", "60")
return p
@@ -128,6 +131,8 @@ func generateJobServiceDeploymentWithPostgreSQLProperties() *properties.Properti
p.Set("quarkus.kogito.devservices.enabled", "false")
p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`, "false")
p.Set("quarkus.datasource.reactive.url", "postgresql://postgres:5432/sonataflow?search_path=myschema")
+ p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.management.JobServiceLeaderLivenessHealthCheck".enabled`, "true")
+ p.Set("kogito.jobs-service.management.leader-check.expiration-in-seconds", "60")
return p
@@ -142,6 +147,8 @@ func generateJobServiceDeploymentWithDataIndexAndEphemeralProperties() *properti
p.Set("quarkus.http.port", "8080")
p.Set("quarkus.kogito.devservices.enabled", "false")
p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`, "false")
+ p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.management.JobServiceLeaderLivenessHealthCheck".enabled`, "true")
+ p.Set("kogito.jobs-service.management.leader-check.expiration-in-seconds", "60")
return p
@@ -157,6 +164,8 @@ func generateJobServiceDeploymentWithDataIndexAndPostgreSQLProperties() *propert
p.Set("quarkus.kogito.devservices.enabled", "false")
p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`, "false")
p.Set("quarkus.datasource.reactive.url", "postgresql://postgres:5432/sonataflow?search_path=myschema")
+ p.Set(`quarkus.smallrye-health.check."org.kie.kogito.jobs.service.management.JobServiceLeaderLivenessHealthCheck".enabled`, "true")
+ p.Set("kogito.jobs-service.management.leader-check.expiration-in-seconds", "60")
return p
@@ -177,7 +186,7 @@ func setJobServiceEnabledValue(v *bool) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.JobService == nil {
- p.Spec.Services.JobService = &operatorapi.ServiceSpec{}
+ p.Spec.Services.JobService = &operatorapi.JobServiceServiceSpec{}
p.Spec.Services.JobService.Enabled = v
@@ -189,7 +198,7 @@ func setDataIndexEnabledValue(v *bool) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.DataIndex == nil {
- p.Spec.Services.DataIndex = &operatorapi.ServiceSpec{}
+ p.Spec.Services.DataIndex = &operatorapi.DataIndexServiceSpec{}
p.Spec.Services.DataIndex.Enabled = v
@@ -201,7 +210,7 @@ func emptyDataIndexServiceSpec() plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.DataIndex == nil {
- p.Spec.Services.DataIndex = &operatorapi.ServiceSpec{}
+ p.Spec.Services.DataIndex = &operatorapi.DataIndexServiceSpec{}
@@ -212,7 +221,7 @@ func emptyJobServiceSpec() plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.JobService == nil {
- p.Spec.Services.JobService = &operatorapi.ServiceSpec{}
+ p.Spec.Services.JobService = &operatorapi.JobServiceServiceSpec{}
@@ -235,7 +244,7 @@ func setJobServiceJDBC(jdbc string) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.JobService == nil {
- p.Spec.Services.JobService = &operatorapi.ServiceSpec{}
+ p.Spec.Services.JobService = &operatorapi.JobServiceServiceSpec{}
if p.Spec.Services.JobService.Persistence == nil {
p.Spec.Services.JobService.Persistence = &operatorapi.PersistenceOptionsSpec{}
@@ -253,7 +262,7 @@ func setDataIndexJDBC(jdbc string) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.DataIndex == nil {
- p.Spec.Services.DataIndex = &operatorapi.ServiceSpec{}
+ p.Spec.Services.DataIndex = &operatorapi.DataIndexServiceSpec{}
if p.Spec.Services.DataIndex.Persistence == nil {
p.Spec.Services.DataIndex.Persistence = &operatorapi.PersistenceOptionsSpec{}
diff --git a/packages/sonataflow-operator/controllers/platform/services/properties_test.go b/packages/sonataflow-operator/internal/controller/platform/services/properties_test.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/platform/services/properties_test.go
rename to packages/sonataflow-operator/internal/controller/platform/services/properties_test.go
index a058ff943e1..c2be40c0536 100644
--- a/packages/sonataflow-operator/controllers/platform/services/properties_test.go
+++ b/packages/sonataflow-operator/internal/controller/platform/services/properties_test.go
@@ -24,7 +24,7 @@ import (
. "github.com/onsi/gomega"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
const (
diff --git a/packages/sonataflow-operator/internal/controller/platform/services/services.go b/packages/sonataflow-operator/internal/controller/platform/services/services.go
new file mode 100644
index 00000000000..97114d3e777
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/platform/services/services.go
@@ -0,0 +1,783 @@
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package services
+import (
+ "fmt"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/version"
+ appsv1 "k8s.io/api/apps/v1"
+ "github.com/imdario/mergo"
+ "github.com/magiconair/properties"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/pointer"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ "knative.dev/pkg/apis"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
+ "knative.dev/pkg/kmeta"
+ "knative.dev/pkg/tracker"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/persistence"
+const (
+ quarkusHibernateORMDatabaseGeneration string = "QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION"
+ quarkusFlywayMigrateAtStart string = "QUARKUS_FLYWAY_MIGRATE_AT_START"
+ WaitingKnativeEventing = "WaitingKnativeEventing"
+type PlatformServiceHandler interface {
+ // GetContainerName returns the name of the service's container in the deployment.
+ GetContainerName() string
+ // GetServiceImageName returns the image name of the service's container. It takes in the service and persistence types and returns a string
+ // that contains the FQDN of the image, including the tag.
+ GetServiceImageName(persistenceName constants.PersistenceType) string
+ // GetServiceName returns the name of the kubernetes service prefixed with the platform name
+ GetServiceName() string
+ // GetServiceCmName returns the name of the configmap associated to the service
+ GetServiceCmName() string
+ // GetEnvironmentVariables returns the env variables to be injected to the service container
+ GetEnvironmentVariables() []corev1.EnvVar
+ // GetPodResourceRequirements returns the pod's memory and CPU resource requirements
+ // Values for job service taken from
+ // https://github.com/parodos-dev/orchestrator-helm-chart/blob/52d09eda56fdbed3060782df29847c97f172600f/charts/orchestrator/values.yaml#L68-L72
+ GetPodResourceRequirements() corev1.ResourceRequirements
+ // GetReplicaCount Returns the default pod replica count for the given service
+ GetReplicaCount() int32
+ // GetDeploymentStrategy Returns the deployment strategy for the service
+ GetDeploymentStrategy() appsv1.DeploymentStrategy
+ // MergeContainerSpec performs a merge with override using the containerSpec argument and the expected values based on the service's pod template specifications. The returning
+ // object is the merged result
+ MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error)
+ // ConfigurePersistence sets the persistence's image and environment values when it is defined in the Persistence field of the service, overriding any existing value.
+ ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container
+ // MergePodSpec performs a merge with override between the podSpec argument and the expected values based on the service's pod template specification. The returning
+ // object is the result of the merge
+ MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error)
+ // GenerateServiceProperties returns a property object that contains the application properties required by the service deployment
+ GenerateServiceProperties() (*properties.Properties, error)
+ // GenerateKnativeResources returns knative resources that bridge between workflow deploys and the service
+ GenerateKnativeResources(platform *operatorapi.SonataFlowPlatform, lbl map[string]string) ([]client.Object, *corev1.Event, error)
+ // IsServiceSetInSpec returns true if the service is set in the spec.
+ IsServiceSetInSpec() bool
+ // IsServiceEnabledInSpec returns true if the service is enabled in the spec.
+ IsServiceEnabledInSpec() bool
+ // GetLocalServiceBaseUrl returns the base url of the local service
+ GetLocalServiceBaseUrl() string
+ // GetServiceBaseUrl returns the base url of the service, based on whether using local or cluster-scoped service.
+ GetServiceBaseUrl() string
+ // IsServiceEnabled returns true if the service is enabled in either the spec or the status.clusterPlatformRef.
+ IsServiceEnabled() bool
+ // SetServiceUrlInPlatformStatus sets the service url in the platform's status. if reconciled instance does not have service set in spec AND
+ // if cluster referenced platform has said service enabled, use the cluster platform's service
+ SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform)
+ // SetServiceUrlInWorkflowStatus sets the service url in a workflow's status.
+ SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow)
+ GetServiceSource() *duckv1.Destination
+ // Check if K_SINK has injected for Job Service. No Op for Data Index
+ CheckKSinkInjected() (bool, error)
+type DataIndexHandler struct {
+ platform *operatorapi.SonataFlowPlatform
+func NewDataIndexHandler(platform *operatorapi.SonataFlowPlatform) PlatformServiceHandler {
+ return &DataIndexHandler{platform: platform}
+func (d *DataIndexHandler) GetContainerName() string {
+ return constants.DataIndexServiceName
+func (d DataIndexHandler) GetServiceImageName(persistenceType constants.PersistenceType) string {
+ if persistenceType == constants.PersistenceTypePostgreSQL && len(cfg.GetCfg().DataIndexPostgreSQLImageTag) > 0 {
+ return cfg.GetCfg().DataIndexPostgreSQLImageTag
+ }
+ if persistenceType == constants.PersistenceTypeEphemeral && len(cfg.GetCfg().DataIndexEphemeralImageTag) > 0 {
+ return cfg.GetCfg().DataIndexEphemeralImageTag
+ }
+ // returns "docker.io/apache/incubator-kie-kogito-data-index-:"
+ return fmt.Sprintf("%s-%s-%s:%s", constants.ImageNamePrefix, constants.DataIndexName, persistenceType.String(), version.GetImageTagVersion())
+func (d *DataIndexHandler) GetServiceName() string {
+ return fmt.Sprintf("%s-%s", d.platform.Name, constants.DataIndexServiceName)
+func (d DataIndexHandler) SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform) {
+ psDI := NewDataIndexHandler(clusterRefPlatform)
+ if !isServicesSet(d.platform) && psDI.IsServiceEnabledInSpec() {
+ if d.platform.Status.ClusterPlatformRef != nil {
+ if d.platform.Status.ClusterPlatformRef.Services == nil {
+ d.platform.Status.ClusterPlatformRef.Services = &operatorapi.PlatformServicesStatus{}
+ }
+ d.platform.Status.ClusterPlatformRef.Services.DataIndexRef = &operatorapi.PlatformServiceRefStatus{
+ Url: psDI.GetLocalServiceBaseUrl(),
+ }
+ }
+ }
+func (d DataIndexHandler) SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow) {
+ if !profiles.IsDevProfile(workflow) && d.IsServiceEnabled() {
+ if workflow.Status.Services == nil {
+ workflow.Status.Services = &operatorapi.PlatformServicesStatus{}
+ }
+ workflow.Status.Services.DataIndexRef = &operatorapi.PlatformServiceRefStatus{
+ Url: d.GetServiceBaseUrl(),
+ }
+ }
+func (d DataIndexHandler) IsServiceSetInSpec() bool {
+ return isDataIndexSet(d.platform)
+func (d *DataIndexHandler) IsServiceEnabledInSpec() bool {
+ return isDataIndexEnabled(d.platform)
+func (d *DataIndexHandler) isServiceEnabledInStatus() bool {
+ return d.platform != nil && d.platform.Status.ClusterPlatformRef != nil &&
+ d.platform.Status.ClusterPlatformRef.Services != nil && d.platform.Status.ClusterPlatformRef.Services.DataIndexRef != nil &&
+ !isServicesSet(d.platform)
+func (d *DataIndexHandler) IsServiceEnabled() bool {
+ return d.IsServiceEnabledInSpec() || d.isServiceEnabledInStatus()
+func (d *DataIndexHandler) GetServiceBaseUrl() string {
+ if d.IsServiceEnabledInSpec() {
+ return d.GetLocalServiceBaseUrl()
+ }
+ if d.isServiceEnabledInStatus() {
+ return d.platform.Status.ClusterPlatformRef.Services.DataIndexRef.Url
+ }
+ return ""
+func (d *DataIndexHandler) GetLocalServiceBaseUrl() string {
+ return GenerateServiceURL(constants.DefaultHTTPProtocol, d.platform.Namespace, d.GetServiceName())
+func (d *DataIndexHandler) GetEnvironmentVariables() []corev1.EnvVar {
+ return []corev1.EnvVar{
+ {
+ Value: "http-events-support",
+ },
+ }
+func (d *DataIndexHandler) GetPodResourceRequirements() corev1.ResourceRequirements {
+ return corev1.ResourceRequirements{
+ Requests: corev1.ResourceList{
+ corev1.ResourceCPU: resource.MustParse("100m"),
+ corev1.ResourceMemory: resource.MustParse("1Gi"),
+ },
+ Limits: corev1.ResourceList{
+ corev1.ResourceCPU: resource.MustParse("200m"),
+ corev1.ResourceMemory: resource.MustParse("1Gi"),
+ },
+ }
+func (d *DataIndexHandler) MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error) {
+ c := podSpec.DeepCopy()
+ err := mergo.Merge(c, d.platform.Spec.Services.DataIndex.PodTemplate.PodSpec.ToPodSpec(), mergo.WithOverride)
+ return *c, err
+// hasPostgreSQLConfigured returns true when either the SonataFlow Platform PostgreSQL CR's structure or the one in the Data Index service specification is not nil
+func (d *DataIndexHandler) hasPostgreSQLConfigured() bool {
+ return d.IsServiceSetInSpec() &&
+ ((d.platform.Spec.Services.DataIndex.Persistence != nil && d.platform.Spec.Services.DataIndex.Persistence.PostgreSQL != nil) ||
+ (d.platform.Spec.Persistence != nil && d.platform.Spec.Persistence.PostgreSQL != nil))
+func (d *DataIndexHandler) ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container {
+ if d.hasPostgreSQLConfigured() {
+ p := persistence.RetrievePostgreSQLConfiguration(d.platform.Spec.Services.DataIndex.Persistence, d.platform.Spec.Persistence, d.GetServiceName())
+ c := containerSpec.DeepCopy()
+ c.Image = d.GetServiceImageName(constants.PersistenceTypePostgreSQL)
+ c.Env = append(c.Env, persistence.ConfigurePostgreSQLEnv(p.PostgreSQL, d.GetServiceName(), d.platform.Namespace)...)
+ // TODO upcoming work as part of the DB Migrator incorporation should continue where
+ // assignments like -> migrateDBOnStart := strconv.FormatBool(d.platform.Spec.Services.DataIndex.Persistence.MigrateDBOnStartUp) introduces nil pointer references,
+ // since Services, and services Persistence are optional references.
+ // specific to DataIndex
+ c.Env = append(c.Env, corev1.EnvVar{Name: quarkusHibernateORMDatabaseGeneration, Value: "update"}, corev1.EnvVar{Name: quarkusFlywayMigrateAtStart, Value: "true"})
+ return c
+ }
+ return containerSpec
+func (d DataIndexHandler) MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error) {
+ return mergeContainerSpec(containerSpec, &d.platform.Spec.Services.DataIndex.PodTemplate.Container)
+func (d *DataIndexHandler) GetReplicaCount() int32 {
+ if d.platform.Spec.Services.DataIndex.PodTemplate.Replicas != nil {
+ return *d.platform.Spec.Services.DataIndex.PodTemplate.Replicas
+ }
+ return 1
+func (d *DataIndexHandler) GetDeploymentStrategy() appsv1.DeploymentStrategy {
+ return appsv1.DeploymentStrategy{}
+func (d *DataIndexHandler) GetServiceCmName() string {
+ return fmt.Sprintf("%s-props", d.GetServiceName())
+func (d *DataIndexHandler) GetServiceSource() *duckv1.Destination {
+ if d.platform.Spec.Services.DataIndex.Source != nil {
+ return d.platform.Spec.Services.DataIndex.Source
+ }
+ return GetPlatformBroker(d.platform)
+func (d *DataIndexHandler) GenerateServiceProperties() (*properties.Properties, error) {
+ props := properties.NewProperties()
+ props.Set(constants.KogitoServiceURLProperty, d.GetLocalServiceBaseUrl())
+ props.Set(constants.DataIndexKafkaHealthCheck, "false")
+ return props, nil
+func (d *DataIndexHandler) CheckKSinkInjected() (bool, error) {
+ return true, nil // No op
+type JobServiceHandler struct {
+ platform *operatorapi.SonataFlowPlatform
+func NewJobServiceHandler(platform *operatorapi.SonataFlowPlatform) PlatformServiceHandler {
+ return &JobServiceHandler{platform: platform}
+func (j *JobServiceHandler) GetContainerName() string {
+ return constants.JobServiceName
+func (j JobServiceHandler) GetServiceImageName(persistenceType constants.PersistenceType) string {
+ if persistenceType == constants.PersistenceTypePostgreSQL && len(cfg.GetCfg().JobsServicePostgreSQLImageTag) > 0 {
+ return cfg.GetCfg().JobsServicePostgreSQLImageTag
+ }
+ if persistenceType == constants.PersistenceTypeEphemeral && len(cfg.GetCfg().JobsServiceEphemeralImageTag) > 0 {
+ return cfg.GetCfg().JobsServiceEphemeralImageTag
+ }
+ // returns "docker.io/apache/incubator-kie-kogito-jobs-service-:"
+ return fmt.Sprintf("%s-%s-%s:%s", constants.ImageNamePrefix, constants.JobServiceName, persistenceType.String(), version.GetImageTagVersion())
+func (j *JobServiceHandler) GetServiceName() string {
+ return fmt.Sprintf("%s-%s", j.platform.Name, constants.JobServiceName)
+func (j *JobServiceHandler) GetServiceCmName() string {
+ return fmt.Sprintf("%s-props", j.GetServiceName())
+func (j JobServiceHandler) SetServiceUrlInPlatformStatus(clusterRefPlatform *operatorapi.SonataFlowPlatform) {
+ psJS := NewJobServiceHandler(clusterRefPlatform)
+ if !isServicesSet(j.platform) && psJS.IsServiceEnabledInSpec() {
+ if j.platform.Status.ClusterPlatformRef != nil {
+ if j.platform.Status.ClusterPlatformRef.Services == nil {
+ j.platform.Status.ClusterPlatformRef.Services = &operatorapi.PlatformServicesStatus{}
+ }
+ j.platform.Status.ClusterPlatformRef.Services.JobServiceRef = &operatorapi.PlatformServiceRefStatus{
+ Url: psJS.GetLocalServiceBaseUrl(),
+ }
+ }
+ }
+func (j JobServiceHandler) SetServiceUrlInWorkflowStatus(workflow *operatorapi.SonataFlow) {
+ if !profiles.IsDevProfile(workflow) && j.IsServiceEnabled() {
+ if workflow.Status.Services == nil {
+ workflow.Status.Services = &operatorapi.PlatformServicesStatus{}
+ }
+ workflow.Status.Services.JobServiceRef = &operatorapi.PlatformServiceRefStatus{
+ Url: j.GetServiceBaseUrl(),
+ }
+ }
+func (j JobServiceHandler) IsServiceSetInSpec() bool {
+ return isJobServiceSet(j.platform)
+func (j *JobServiceHandler) IsServiceEnabledInSpec() bool {
+ return isJobServiceEnabled(j.platform)
+func (j *JobServiceHandler) isServiceEnabledInStatus() bool {
+ return j.platform != nil && j.platform.Status.ClusterPlatformRef != nil &&
+ j.platform.Status.ClusterPlatformRef.Services != nil && j.platform.Status.ClusterPlatformRef.Services.JobServiceRef != nil &&
+ !isServicesSet(j.platform)
+func (j *JobServiceHandler) IsServiceEnabled() bool {
+ return j.IsServiceEnabledInSpec() || j.isServiceEnabledInStatus()
+func (j *JobServiceHandler) GetServiceBaseUrl() string {
+ if j.IsServiceEnabledInSpec() {
+ return j.GetLocalServiceBaseUrl()
+ }
+ if j.isServiceEnabledInStatus() {
+ return j.platform.Status.ClusterPlatformRef.Services.JobServiceRef.Url
+ }
+ return ""
+func (j *JobServiceHandler) GetLocalServiceBaseUrl() string {
+ return GenerateServiceURL(constants.DefaultHTTPProtocol, j.platform.Namespace, j.GetServiceName())
+func (j *JobServiceHandler) GetEnvironmentVariables() []corev1.EnvVar {
+ return []corev1.EnvVar{}
+func (j *JobServiceHandler) GetPodResourceRequirements() corev1.ResourceRequirements {
+ return corev1.ResourceRequirements{
+ Requests: corev1.ResourceList{
+ corev1.ResourceCPU: resource.MustParse("250m"),
+ corev1.ResourceMemory: resource.MustParse("64Mi"),
+ },
+ Limits: corev1.ResourceList{
+ corev1.ResourceCPU: resource.MustParse("500m"),
+ corev1.ResourceMemory: resource.MustParse("1Gi"),
+ },
+ }
+func (j *JobServiceHandler) GetReplicaCount() int32 {
+ if j.platform.Spec.Services.JobService.PodTemplate.Replicas != nil && *j.platform.Spec.Services.JobService.PodTemplate.Replicas == 0 {
+ return 0
+ }
+ return 1
+func (j *JobServiceHandler) GetDeploymentStrategy() appsv1.DeploymentStrategy {
+ return appsv1.DeploymentStrategy{
+ Type: appsv1.RecreateDeploymentStrategyType,
+ RollingUpdate: nil,
+ }
+func (j JobServiceHandler) MergeContainerSpec(containerSpec *corev1.Container) (*corev1.Container, error) {
+ return mergeContainerSpec(containerSpec, &j.platform.Spec.Services.JobService.PodTemplate.Container)
+// hasPostgreSQLConfigured returns true when either the SonataFlow Platform PostgreSQL CR's structure or the one in the Job service specification is not nil
+func (j *JobServiceHandler) hasPostgreSQLConfigured() bool {
+ return j.IsServiceSetInSpec() &&
+ ((j.platform.Spec.Services.JobService.Persistence != nil && j.platform.Spec.Services.JobService.Persistence.PostgreSQL != nil) ||
+ (j.platform.Spec.Persistence != nil && j.platform.Spec.Persistence.PostgreSQL != nil))
+func (j *JobServiceHandler) ConfigurePersistence(containerSpec *corev1.Container) *corev1.Container {
+ if j.hasPostgreSQLConfigured() {
+ c := containerSpec.DeepCopy()
+ c.Image = j.GetServiceImageName(constants.PersistenceTypePostgreSQL)
+ p := persistence.RetrievePostgreSQLConfiguration(j.platform.Spec.Services.JobService.Persistence, j.platform.Spec.Persistence, j.GetServiceName())
+ c.Env = append(c.Env, persistence.ConfigurePostgreSQLEnv(p.PostgreSQL, j.GetServiceName(), j.platform.Namespace)...)
+ // TODO upcoming work as part of the DB Migrator incorporation should continue where
+ // assignments like -> migrateDBOnStart := strconv.FormatBool(j.platform.Spec.Services.JobService.Persistence.MigrateDBOnStartUp) introduces nil pointer references,
+ // since Services, and services Persistence are optional references.
+ // Specific to Job Service
+ c.Env = append(c.Env, corev1.EnvVar{Name: "QUARKUS_FLYWAY_MIGRATE_AT_START", Value: "true"})
+ c.Env = append(c.Env, corev1.EnvVar{Name: "KOGITO_JOBS_SERVICE_LOADJOBERRORSTRATEGY", Value: "FAIL_SERVICE"})
+ return c
+ }
+ return containerSpec
+func (j *JobServiceHandler) MergePodSpec(podSpec corev1.PodSpec) (corev1.PodSpec, error) {
+ c := podSpec.DeepCopy()
+ err := mergo.Merge(c, j.platform.Spec.Services.JobService.PodTemplate.PodSpec.ToPodSpec(), mergo.WithOverride)
+ return *c, err
+func (j *JobServiceHandler) GenerateServiceProperties() (*properties.Properties, error) {
+ props := properties.NewProperties()
+ props.Set(constants.KogitoServiceURLProperty, GenerateServiceURL(constants.KogitoServiceURLProtocol, j.platform.Namespace, j.GetServiceName()))
+ props.Set(constants.JobServiceKafkaSmallRyeHealthProperty, "false")
+ props.Set(constants.JobServiceLeaderLivenessSmallRyeHealthProperty, "true")
+ props.Set(constants.JobServiceLeaderCheckExpirationInSeconds, constants.DefaultJobServiceLeaderCheckExpirationInSeconds)
+ if j.GetServiceSource() == nil {
+ props.Set(constants.JobServiceKSinkInjectionHealthCheck, "false")
+ } else {
+ props.Set(constants.JobServiceKSinkInjectionHealthCheck, "true")
+ }
+ // add data source reactive URL
+ if j.hasPostgreSQLConfigured() {
+ p := persistence.RetrievePostgreSQLConfiguration(j.platform.Spec.Services.JobService.Persistence, j.platform.Spec.Persistence, j.GetServiceName())
+ dataSourceReactiveURL, err := generateReactiveURL(p.PostgreSQL, j.GetServiceName(), j.platform.Namespace, constants.DefaultDatabaseName, constants.DefaultPostgreSQLPort)
+ if err != nil {
+ return nil, err
+ }
+ props.Set(constants.JobServiceDataSourceReactiveURL, dataSourceReactiveURL)
+ }
+ if isDataIndexEnabled(j.platform) {
+ props.Set(constants.JobServiceStatusChangeEvents, "true")
+ if j.GetServiceSource() == nil {
+ di := NewDataIndexHandler(j.platform)
+ props.Set(constants.JobServiceStatusChangeEventsURL, di.GetLocalServiceBaseUrl()+"/jobs")
+ } else {
+ props.Set(constants.JobServiceStatusChangeEventsURL, constants.KnativeInjectedEnvVar)
+ props.Set(constants.JobServiceStatusChangeEventsConnector, constants.QuarkusHTTP)
+ props.Set(constants.JobServiceStatusChangeEventsMethod, constants.Post)
+ }
+ }
+ props.Sort()
+ return props, nil
+func SetServiceUrlsInWorkflowStatus(pl *operatorapi.SonataFlowPlatform, workflow *operatorapi.SonataFlow) {
+ tpsDI := NewDataIndexHandler(pl)
+ tpsJS := NewJobServiceHandler(pl)
+ workflow.Status.Services = nil
+ tpsDI.SetServiceUrlInWorkflowStatus(workflow)
+ tpsJS.SetServiceUrlInWorkflowStatus(workflow)
+func (j *JobServiceHandler) GetServiceSource() *duckv1.Destination {
+ if j.platform.Spec.Services.JobService.Source != nil {
+ return j.platform.Spec.Services.JobService.Source
+ }
+ return GetPlatformBroker(j.platform)
+func (j *JobServiceHandler) GetServiceSink() *duckv1.Destination {
+ if j.platform.Spec.Services.JobService.Sink != nil {
+ return j.platform.Spec.Services.JobService.Sink
+ }
+ return GetPlatformBroker(j.platform)
+func isDataIndexEnabled(platform *operatorapi.SonataFlowPlatform) bool {
+ return isDataIndexSet(platform) && platform.Spec.Services.DataIndex.Enabled != nil &&
+ *platform.Spec.Services.DataIndex.Enabled
+func isJobServiceEnabled(platform *operatorapi.SonataFlowPlatform) bool {
+ return isJobServiceSet(platform) && platform.Spec.Services.JobService.Enabled != nil &&
+ *platform.Spec.Services.JobService.Enabled
+func isDataIndexSet(platform *operatorapi.SonataFlowPlatform) bool {
+ return isServicesSet(platform) && platform.Spec.Services.DataIndex != nil
+func isJobServiceSet(platform *operatorapi.SonataFlowPlatform) bool {
+ return isServicesSet(platform) && platform.Spec.Services.JobService != nil
+func isServicesSet(platform *operatorapi.SonataFlowPlatform) bool {
+ return platform != nil && platform.Spec.Services != nil
+func GenerateServiceURL(protocol string, namespace string, name string) string {
+ var serviceUrl string
+ if len(namespace) > 0 {
+ serviceUrl = fmt.Sprintf("%s://%s.%s", protocol, name, namespace)
+ } else {
+ serviceUrl = fmt.Sprintf("%s://%s", protocol, name)
+ }
+ return serviceUrl
+// mergeContainerSpec Produces the merging between the operatorapi.ContainerSpec provided in a SonataFlowPlatform
+// service, for example, platform.services.jobsService.podTemplate.container, and the destination container for the
+// corresponding service deployment. This method consider specific processing like not overriding environment vars
+// already configured by the operator in the destination container.
+func mergeContainerSpec(dest *corev1.Container, sourceSpec *operatorapi.ContainerSpec) (*corev1.Container, error) {
+ result := dest.DeepCopy()
+ source := sourceSpec.ToContainer()
+ err := mergeContainerPreservingEnvVars(result, &source)
+ return result, err
+// mergeContainerSpecPreservingEnvVars Merges the source container into the dest container by giving priority to the
+// env variables already configured in the dest container when both containers have the same variable name.
+func mergeContainerPreservingEnvVars(dest *corev1.Container, source *corev1.Container) error {
+ currentEnv := dest.Env
+ if err := mergo.Merge(dest, source, mergo.WithOverride); err != nil {
+ return err
+ }
+ dest.Env = currentEnv
+ for _, envVar := range source.Env {
+ kubernetes.AddEnvIfNotPresent(dest, envVar)
+ }
+ return nil
+// GetPlatformBroker gets the default broker for the platform.
+func GetPlatformBroker(platform *operatorapi.SonataFlowPlatform) *duckv1.Destination {
+ if platform != nil && platform.Spec.Eventing != nil && platform.Spec.Eventing.Broker != nil {
+ return platform.Spec.Eventing.Broker
+ }
+ return nil
+func (d *DataIndexHandler) GetSourceBroker() *duckv1.Destination {
+ if d.platform != nil && d.platform.Spec.Services.DataIndex.Source != nil && d.platform.Spec.Services.DataIndex.Source.Ref != nil {
+ return d.platform.Spec.Services.DataIndex.Source
+ }
+ return GetPlatformBroker(d.platform)
+func (d *DataIndexHandler) newTrigger(labels map[string]string, brokerName, namespace, serviceName, tag, eventType, path string, platform *operatorapi.SonataFlowPlatform) *eventingv1.Trigger {
+ return &eventingv1.Trigger{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: kmeta.ChildName(fmt.Sprintf("data-index-%s-", tag), string(platform.GetUID())),
+ Namespace: namespace,
+ Labels: labels,
+ },
+ Spec: eventingv1.TriggerSpec{
+ Broker: brokerName,
+ Filter: &eventingv1.TriggerFilter{
+ Attributes: eventingv1.TriggerFilterAttributes{
+ "type": eventType,
+ },
+ },
+ Subscriber: duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: serviceName,
+ Namespace: platform.Namespace,
+ APIVersion: "v1",
+ Kind: "Service",
+ },
+ URI: &apis.URL{
+ Path: path,
+ },
+ },
+ },
+ }
+func (d *DataIndexHandler) GenerateKnativeResources(platform *operatorapi.SonataFlowPlatform, lbl map[string]string) ([]client.Object, *corev1.Event, error) {
+ broker := d.GetSourceBroker()
+ if broker == nil || len(broker.Ref.Name) == 0 {
+ return nil, nil, nil // Nothing to do
+ }
+ brokerName := broker.Ref.Name
+ namespace := broker.Ref.Namespace
+ if len(namespace) == 0 {
+ namespace = platform.Namespace
+ }
+ if err := knative.ValidateBroker(brokerName, namespace); err != nil {
+ event := &corev1.Event{
+ Type: corev1.EventTypeWarning,
+ Reason: WaitingKnativeEventing,
+ Message: fmt.Sprintf("%s for service: %s", err.Error(), d.GetServiceName()),
+ }
+ return nil, event, err
+ }
+ serviceName := d.GetServiceName()
+ return []client.Object{
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-error", "ProcessInstanceErrorDataEvent", constants.KogitoProcessInstancesEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-node", "ProcessInstanceNodeDataEvent", constants.KogitoProcessInstancesEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-sla", "ProcessInstanceSLADataEvent", constants.KogitoProcessInstancesEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-state", "ProcessInstanceStateDataEvent", constants.KogitoProcessInstancesEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-variable", "ProcessInstanceVariableDataEvent", constants.KogitoProcessInstancesEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-definition", "ProcessDefinitionEvent", constants.KogitoProcessDefinitionsEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "process-instance-multiple", "MultipleProcessInstanceDataEvent", constants.KogitoProcessInstancesMultiEventsPath, platform),
+ d.newTrigger(lbl, brokerName, namespace, serviceName, "jobs", "JobEvent", constants.KogitoJobsPath, platform)}, nil, nil
+func (d JobServiceHandler) GetSourceBroker() *duckv1.Destination {
+ if d.platform.Spec.Services.JobService.Source != nil && d.platform.Spec.Services.JobService.Source.Ref != nil {
+ return d.platform.Spec.Services.JobService.Source
+ }
+ return GetPlatformBroker(d.platform)
+func (d JobServiceHandler) GetSink() *duckv1.Destination {
+ if d.platform.Spec.Services.JobService.Sink != nil {
+ return d.platform.Spec.Services.JobService.Sink
+ }
+ return GetPlatformBroker(d.platform)
+func (j *JobServiceHandler) GenerateKnativeResources(platform *operatorapi.SonataFlowPlatform, lbl map[string]string) ([]client.Object, *corev1.Event, error) {
+ broker := j.GetSourceBroker()
+ sink := j.GetSink()
+ resultObjs := []client.Object{}
+ if broker != nil && len(broker.Ref.Name) > 0 {
+ brokerName := broker.Ref.Name
+ namespace := broker.Ref.Namespace
+ if len(namespace) == 0 {
+ namespace = platform.Namespace
+ }
+ if err := knative.ValidateBroker(brokerName, namespace); err != nil {
+ event := &corev1.Event{
+ Type: corev1.EventTypeWarning,
+ Reason: WaitingKnativeEventing,
+ Message: fmt.Sprintf("%s for service: %s", err.Error(), j.GetServiceName()),
+ }
+ return nil, event, err
+ }
+ jobCreateTrigger := &eventingv1.Trigger{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: kmeta.ChildName("jobs-service-create-job-", string(platform.GetUID())),
+ Namespace: namespace,
+ Labels: lbl,
+ },
+ Spec: eventingv1.TriggerSpec{
+ Broker: brokerName,
+ Filter: &eventingv1.TriggerFilter{
+ Attributes: eventingv1.TriggerFilterAttributes{
+ "type": "job.create",
+ },
+ },
+ Subscriber: duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: j.GetServiceName(),
+ Namespace: platform.Namespace,
+ APIVersion: "v1",
+ Kind: "Service",
+ },
+ URI: &apis.URL{
+ Path: constants.JobServiceJobEventsPath,
+ },
+ },
+ },
+ }
+ resultObjs = append(resultObjs, jobCreateTrigger)
+ jobDeleteTrigger := &eventingv1.Trigger{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: kmeta.ChildName("jobs-service-delete-job-", string(platform.GetUID())),
+ Namespace: namespace,
+ Labels: lbl,
+ },
+ Spec: eventingv1.TriggerSpec{
+ Broker: brokerName,
+ Filter: &eventingv1.TriggerFilter{
+ Attributes: eventingv1.TriggerFilterAttributes{
+ "type": "job.delete",
+ },
+ },
+ Subscriber: duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: j.GetServiceName(),
+ Namespace: platform.Namespace,
+ APIVersion: "v1",
+ Kind: "Service",
+ },
+ URI: &apis.URL{
+ Path: constants.JobServiceJobEventsPath,
+ },
+ },
+ },
+ }
+ resultObjs = append(resultObjs, jobDeleteTrigger)
+ }
+ if sink != nil {
+ sinkBinding := &sourcesv1.SinkBinding{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-jobs-service-sb", platform.Name),
+ Namespace: platform.Namespace,
+ Labels: lbl,
+ },
+ Spec: sourcesv1.SinkBindingSpec{
+ SourceSpec: duckv1.SourceSpec{
+ Sink: *sink,
+ },
+ BindingSpec: duckv1.BindingSpec{
+ Subject: tracker.Reference{
+ Name: j.GetServiceName(),
+ Namespace: platform.Namespace,
+ APIVersion: "apps/v1",
+ Kind: "Deployment",
+ },
+ },
+ },
+ }
+ resultObjs = append(resultObjs, sinkBinding)
+ }
+ return resultObjs, nil, nil
+func (j *JobServiceHandler) CheckKSinkInjected() (bool, error) {
+ if j.GetSink() != nil { //job services has sink configured
+ return knative.CheckKSinkInjected(j.GetServiceName(), j.platform.Namespace)
+ }
+ return true, nil
+func IsDataIndexEnabled(plf *operatorapi.SonataFlowPlatform) bool {
+ if plf.Spec.Services != nil {
+ if plf.Spec.Services.DataIndex != nil {
+ return pointer.BoolDeref(plf.Spec.Services.DataIndex.Enabled, false)
+ }
+ return false
+ }
+ // Check if DataIndex is enabled in the platform status
+ if plf.Status.ClusterPlatformRef != nil && plf.Status.ClusterPlatformRef.Services != nil && plf.Status.ClusterPlatformRef.Services.DataIndexRef != nil && len(plf.Status.ClusterPlatformRef.Services.DataIndexRef.Url) > 0 {
+ return true
+ }
+ return false
+func IsJobServiceEnabled(plf *operatorapi.SonataFlowPlatform) bool {
+ if plf.Spec.Services != nil {
+ if plf.Spec.Services.JobService != nil {
+ return pointer.BoolDeref(plf.Spec.Services.JobService.Enabled, false)
+ }
+ return false
+ }
+ // Check if JobService is enabled in the platform status
+ if plf.Status.ClusterPlatformRef != nil && plf.Status.ClusterPlatformRef.Services != nil && plf.Status.ClusterPlatformRef.Services.JobServiceRef != nil && len(plf.Status.ClusterPlatformRef.Services.JobServiceRef.Url) > 0 {
+ return true
+ }
+ return false
diff --git a/packages/sonataflow-operator/controllers/platform/services/services_suite_test.go b/packages/sonataflow-operator/internal/controller/platform/services/services_suite_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/platform/services/services_suite_test.go
rename to packages/sonataflow-operator/internal/controller/platform/services/services_suite_test.go
diff --git a/packages/sonataflow-operator/internal/controller/platform/services/services_test.go b/packages/sonataflow-operator/internal/controller/platform/services/services_test.go
new file mode 100644
index 00000000000..bef98c78abf
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/platform/services/services_test.go
@@ -0,0 +1,57 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package services
+import (
+ "testing"
+ "github.com/stretchr/testify/assert"
+ corev1 "k8s.io/api/core/v1"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+func TestMergeContainerSpec(t *testing.T) {
+ container := &corev1.Container{
+ Env: []corev1.EnvVar{{Name: "var1", Value: "value1"}, {Name: "var2", Value: "value2"}},
+ }
+ containerSpec := &operatorapi.ContainerSpec{
+ Env: []corev1.EnvVar{{Name: "var1", Value: "value1Changed"}, {Name: "var3", Value: "value3"}},
+ }
+ result, err := mergeContainerSpec(container, containerSpec)
+ assert.Nil(t, err)
+ assert.Len(t, result.Env, 3)
+ assert.Equal(t, result.Env[0], corev1.EnvVar{Name: "var1", Value: "value1"})
+ assert.Equal(t, result.Env[1], corev1.EnvVar{Name: "var2", Value: "value2"})
+ assert.Equal(t, result.Env[2], corev1.EnvVar{Name: "var3", Value: "value3"})
+func TestMergeContainerPreservingEnvVars(t *testing.T) {
+ container1 := &corev1.Container{
+ Env: []corev1.EnvVar{{Name: "var1", Value: "value1"}, {Name: "var2", Value: "value2"}},
+ }
+ container2 := &corev1.Container{
+ Env: []corev1.EnvVar{{Name: "var1", Value: "value1Changed"}, {Name: "var3", Value: "value3"}},
+ }
+ err := mergeContainerPreservingEnvVars(container1, container2)
+ assert.Nil(t, err)
+ assert.Len(t, container1.Env, 3)
+ assert.Equal(t, container1.Env[0], corev1.EnvVar{Name: "var1", Value: "value1"})
+ assert.Equal(t, container1.Env[1], corev1.EnvVar{Name: "var2", Value: "value2"})
+ assert.Equal(t, container1.Env[2], corev1.EnvVar{Name: "var3", Value: "value3"})
diff --git a/packages/sonataflow-operator/test/builder/Dockerfile b/packages/sonataflow-operator/internal/controller/platform/testdata/platformTest.Dockerfile
similarity index 93%
rename from packages/sonataflow-operator/test/builder/Dockerfile
rename to packages/sonataflow-operator/internal/controller/platform/testdata/platformTest.Dockerfile
index 1f2d0cc1413..c9b902ba326 100644
--- a/packages/sonataflow-operator/test/builder/Dockerfile
+++ b/packages/sonataflow-operator/internal/controller/platform/testdata/platformTest.Dockerfile
@@ -16,7 +16,6 @@
# under the License.
FROM docker.io/apache/incubator-kie-sonataflow-builder:main AS builder
-# This image name and tag is auto-replaced using environment variables during install, don't touch.
# Kogito User
USER 1001
@@ -25,7 +24,7 @@ USER 1001
WORKDIR /home/kogito/kogito-base
# Copy from build context to skeleton resources project
-COPY --chown=1001 . ./src/main/resources
+COPY --chown=1001 ../../../../test/builder ./src/main/resources
# Maven vars enhirited from the base image
RUN ${MAVEN_HOME}/bin/mvn -U -B ${MAVEN_ARGS_APPEND} -s ${MAVEN_SETTINGS_PATH} clean install -DskipTests
diff --git a/packages/sonataflow-operator/controllers/platform/warm.go b/packages/sonataflow-operator/internal/controller/platform/warm.go
similarity index 93%
rename from packages/sonataflow-operator/controllers/platform/warm.go
rename to packages/sonataflow-operator/internal/controller/platform/warm.go
index 5e86c22c4f6..0ed341017e0 100644
--- a/packages/sonataflow-operator/controllers/platform/warm.go
+++ b/packages/sonataflow-operator/internal/controller/platform/warm.go
@@ -54,7 +54,7 @@ func (action *warmAction) CanHandle(platform *operatorapi.SonataFlowPlatform) bo
return platform.Status.IsWarming()
-func (action *warmAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, error) {
+func (action *warmAction) Handle(ctx context.Context, platform *operatorapi.SonataFlowPlatform) (*operatorapi.SonataFlowPlatform, *corev1.Event, error) {
// Check Kaniko warmer pod status
pod := corev1.Pod{
TypeMeta: metav1.TypeMeta{
@@ -69,19 +69,19 @@ func (action *warmAction) Handle(ctx context.Context, platform *operatorapi.Sona
err := action.reader.Get(ctx, types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}, &pod)
if err != nil {
- return nil, err
+ return nil, nil, err
switch pod.Status.Phase {
case corev1.PodSucceeded:
klog.V(log.D).InfoS("Kaniko cache successfully warmed up")
platform.Status.Manager().MarkTrueWithReason(api.SucceedConditionType, operatorapi.PlatformWarmingReason, "Kaniko cache successfully warmed up")
- return platform, nil
+ return platform, nil, nil
case corev1.PodFailed:
- return nil, errors.New("failed to warm up Kaniko cache")
+ return nil, nil, errors.New("failed to warm up Kaniko cache")
klog.V(log.I).InfoS("Waiting for Kaniko cache to warm up...")
// Requeue
- return nil, nil
+ return nil, nil, nil
diff --git a/packages/sonataflow-operator/controllers/profiles/common/constants/objects.go b/packages/sonataflow-operator/internal/controller/profiles/common/constants/objects.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/profiles/common/constants/objects.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/constants/objects.go
diff --git a/packages/sonataflow-operator/internal/controller/profiles/common/constants/platform_services.go b/packages/sonataflow-operator/internal/controller/profiles/common/constants/platform_services.go
new file mode 100644
index 00000000000..185f78427e1
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/constants/platform_services.go
@@ -0,0 +1,93 @@
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package constants
+const (
+ QuarkusHTTP = "quarkus-http"
+ Post = "POST"
+ DefaultHTTPProtocol = "http"
+ ConfigMapWorkflowPropsVolumeName = "workflow-properties"
+ JobServiceRequestEventsURL = "mp.messaging.outgoing.kogito-job-service-job-request-events.url"
+ JobServiceRequestEventsConnector = "mp.messaging.outgoing.kogito-job-service-job-request-events.connector"
+ JobServiceRequestEventsMethod = "mp.messaging.outgoing.kogito-job-service-job-request-events.method"
+ JobServiceStatusChangeEvents = "kogito.jobs-service.http.job-status-change-events"
+ JobServiceStatusChangeEventsURL = "mp.messaging.outgoing.kogito-job-service-job-status-events-http.url"
+ JobServiceStatusChangeEventsConnector = "mp.messaging.outgoing.kogito-job-service-job-status-events-http.connector"
+ JobServiceStatusChangeEventsMethod = "mp.messaging.outgoing.kogito-job-service-job-status-events-http.method"
+ JobServiceURLProtocol = "http"
+ JobServiceDataSourceReactiveURL = "quarkus.datasource.reactive.url"
+ JobServiceJobEventsPath = "/v2/jobs/events"
+ JobServiceLeaderCheckExpirationInSeconds = "kogito.jobs-service.management.leader-check.expiration-in-seconds"
+ DefaultJobServiceLeaderCheckExpirationInSeconds = "60"
+ KogitoProcessInstancesEventsConnector = "mp.messaging.outgoing.kogito-processinstances-events.connector"
+ KogitoProcessInstancesEventsMethod = "mp.messaging.outgoing.kogito-processinstances-events.method"
+ KogitoProcessInstancesEventsURL = "mp.messaging.outgoing.kogito-processinstances-events.url"
+ KogitoProcessInstancesEventsEnabled = "kogito.events.processinstances.enabled"
+ KogitoProcessInstancesEventsPath = "/processes"
+ // KogitoProcessInstancesMultiEventsPath Same value as KogitoProcessInstancesEventsPath intentionally
+ KogitoProcessInstancesMultiEventsPath = "/processes"
+ KogitoProcessDefinitionsEventsConnector = "mp.messaging.outgoing.kogito-processdefinitions-events.connector"
+ KogitoProcessDefinitionsEventsMethod = "mp.messaging.outgoing.kogito-processdefinitions-events.method"
+ KogitoProcessDefinitionsEventsURL = "mp.messaging.outgoing.kogito-processdefinitions-events.url"
+ KogitoProcessDefinitionsEventsEnabled = "kogito.events.processdefinitions.enabled"
+ KogitoProcessDefinitionsEventsErrorsEnabled = "kogito.events.processdefinitions.errors.propagate"
+ KogitoProcessDefinitionsEventsPath = "/definitions"
+ KogitoUserTasksEventsEnabled = "kogito.events.usertasks.enabled"
+ KogitoJobsPath = "/jobs"
+ // KogitoDataIndexHealthCheckEnabled configures if a workflow must check for the data index availability as part
+ // of its start health check.
+ KogitoDataIndexHealthCheckEnabled = "kogito.data-index.health-enabled"
+ // KogitoDataIndexURL configures the data index url, this value can be used internally by the workflow.
+ KogitoDataIndexURL = "kogito.data-index.url"
+ // KogitoJobServiceHealthCheckEnabled configures if a workflow must check for the job service availability as part
+ // of its start health check.
+ KogitoJobServiceHealthCheckEnabled = "kogito.jobs-service.health-enabled"
+ // KogitoJobServiceURL configures the jobs service, this value can be used internally by the workflow.
+ KogitoJobServiceURL = "kogito.jobs-service.url"
+ KogitoServiceURLProperty = "kogito.service.url"
+ KogitoServiceURLProtocol = "http"
+ DataIndexKafkaSmallRyeHealthProperty = `quarkus.smallrye-health.check."io.quarkus.kafka.client.health.KafkaHealthCheck".enabled`
+ JobServiceKafkaSmallRyeHealthProperty = `quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`
+ JobServiceLeaderLivenessSmallRyeHealthProperty = `quarkus.smallrye-health.check."org.kie.kogito.jobs.service.management.JobServiceLeaderLivenessHealthCheck".enabled`
+ DataIndexKafkaHealthCheck = `quarkus.smallrye-health.check."io.quarkus.kafka.client.health.KafkaHealthCheck".enabled`
+ JobServiceKSinkInjectionHealthCheck = `quarkus.smallrye-health.check."org.kie.kogito.jobs.service.messaging.http.health.knative.KSinkInjectionHealthCheck".enabled`
+ DataIndexServiceName = "data-index-service"
+ JobServiceName = "jobs-service"
+ ImageNamePrefix = "docker.io/apache/incubator-kie-kogito"
+ DataIndexName = "data-index"
+ DefaultDatabaseName string = "sonataflow"
+ DefaultPostgreSQLPort int = 5432
+type PersistenceType string
+const (
+ PersistenceTypePostgreSQL PersistenceType = "postgresql"
+ PersistenceTypeEphemeral PersistenceType = "ephemeral"
+func (p PersistenceType) String() string {
+ return string(p)
diff --git a/packages/sonataflow-operator/controllers/profiles/common/constants/reconcile.go b/packages/sonataflow-operator/internal/controller/profiles/common/constants/reconcile.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/profiles/common/constants/reconcile.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/constants/reconcile.go
diff --git a/packages/sonataflow-operator/controllers/profiles/common/constants/workflows.go b/packages/sonataflow-operator/internal/controller/profiles/common/constants/workflows.go
similarity index 74%
rename from packages/sonataflow-operator/controllers/profiles/common/constants/workflows.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/constants/workflows.go
index f7c85f359bc..f0fca0a4b63 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/constants/workflows.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/constants/workflows.go
@@ -25,5 +25,11 @@ const (
KogitoIncomingEventsPath = "mp.messaging.incoming.kogito_incoming_stream.path"
KnativeHealthEnabled = "org.kie.kogito.addons.knative.eventing.health-enabled"
KnativeInjectedEnvVar = "${K_SINK}"
- KnativeEventingBrokerDefault = "default"
+ TriggerFinalizer = "trigger-deletion"
+ QuarkusDevUICorsEnabled = "quarkus.dev-ui.cors.enabled"
+ QuarkusHttpCors = "quarkus.http.cors"
+ QuarkusHttpCorsOrigins = "quarkus.http.cors.origins"
+ KogitoEventsGrouping = "kogito.events.grouping"
+ KogitoEventsGroupingBinary = "kogito.events.grouping.binary"
+ KogitoEventsGroupingCompress = "kogito.events.grouping.compress"
diff --git a/packages/sonataflow-operator/controllers/profiles/common/deployment.go b/packages/sonataflow-operator/internal/controller/profiles/common/deployment_status_manager.go
similarity index 83%
rename from packages/sonataflow-operator/controllers/profiles/common/deployment.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/deployment_status_manager.go
index 7006c3b4b2d..04f18721f22 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/deployment.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/deployment_status_manager.go
@@ -26,19 +26,23 @@ import (
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
ctrl "sigs.k8s.io/controller-runtime"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
var _ WorkflowDeploymentManager = &deploymentHandler{}
+const knativeDeploymentSuffix = "-deployment"
// WorkflowDeploymentManager interface to handle workflow deployment features.
type WorkflowDeploymentManager interface {
// SyncDeploymentStatus updates the workflow status aligned with the deployment counterpart.
@@ -58,24 +62,42 @@ type deploymentHandler struct {
c client.Client
-func (d *deploymentHandler) RolloutDeployment(ctx context.Context, workflow *operatorapi.SonataFlow) error {
+func (d *deploymentHandler) getDeployment(ctx context.Context, workflow *operatorapi.SonataFlow) (*appsv1.Deployment, error) {
+ deploymentName := workflow.Name
+ if workflow.IsKnativeDeployment() {
+ ksvc := &servingv1.Service{}
+ if err := d.c.Get(ctx, client.ObjectKeyFromObject(workflow), ksvc); err != nil {
+ if errors.IsNotFound(err) {
+ return nil, nil
+ }
+ return nil, err
+ }
+ deploymentName = ksvc.Status.LatestCreatedRevisionName + knativeDeploymentSuffix
+ }
deployment := &appsv1.Deployment{}
- if err := d.c.Get(ctx, client.ObjectKeyFromObject(workflow), deployment); err != nil {
- // Deployment not found, nothing to do.
+ if err := d.c.Get(ctx, types.NamespacedName{Namespace: workflow.Namespace, Name: deploymentName}, deployment); err != nil {
if errors.IsNotFound(err) {
- return nil
+ return nil, nil
+ return nil, err
+ }
+ return deployment, nil
+func (d *deploymentHandler) RolloutDeployment(ctx context.Context, workflow *operatorapi.SonataFlow) error {
+ deployment, err := d.getDeployment(ctx, workflow)
+ if err != nil || deployment == nil {
return err
- if err := kubeutil.MarkDeploymentToRollout(deployment); err != nil {
+ if err = kubeutil.MarkDeploymentToRollout(deployment); err != nil {
return err
return d.c.Update(ctx, deployment)
func (d *deploymentHandler) SyncDeploymentStatus(ctx context.Context, workflow *operatorapi.SonataFlow) (ctrl.Result, error) {
- deployment := &appsv1.Deployment{}
- if err := d.c.Get(ctx, client.ObjectKeyFromObject(workflow), deployment); err != nil {
+ deployment, err := d.getDeployment(ctx, workflow)
+ if err != nil || deployment == nil {
// we should have the deployment by this time, so even if the error above is not found, we should halt.
workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentUnavailableReason, "Couldn't find the workflow deployment")
return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, err
diff --git a/packages/sonataflow-operator/controllers/profiles/common/ensurer.go b/packages/sonataflow-operator/internal/controller/profiles/common/ensurer.go
similarity index 73%
rename from packages/sonataflow-operator/controllers/profiles/common/ensurer.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/ensurer.go
index dac69bb9e11..2a18e113928 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/ensurer.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/ensurer.go
@@ -22,12 +22,14 @@ package common
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
var _ ObjectEnsurer = &defaultObjectEnsurer{}
@@ -60,7 +62,7 @@ func NewObjectEnsurer(client client.Client, creator ObjectCreator) ObjectEnsurer
-// NewObjectEnsurerWithPlatform see defaultObjectEnsurerWithPlatform
+// NewObjectEnsurerWithPlatform see defaultObjectEnsurerWithPLatform
func NewObjectEnsurerWithPlatform(client client.Client, creator ObjectCreatorWithPlatform) ObjectEnsurerWithPlatform {
return &defaultObjectEnsurerWithPlatform{
c: client,
@@ -97,6 +99,9 @@ func (d *defaultObjectEnsurerWithPlatform) Ensure(ctx context.Context, workflow
if err != nil {
return nil, result, err
+ if object == nil {
+ return nil, result, nil
+ }
if result, err = controllerutil.CreateOrPatch(ctx, d.c, object,
func() error {
for _, v := range visitors {
@@ -137,6 +142,42 @@ type ObjectEnsurerResult struct {
Error error
+// ObjectsEnsurer is an ensurer to apply multiple objects
+type ObjectsEnsurerWithPlatform interface {
+ Ensure(ctx context.Context, workflow *operatorapi.SonataFlow, pl *operatorapi.SonataFlowPlatform, visitors ...MutateVisitor) []ObjectEnsurerResult
+func NewObjectsEnsurerWithPlatform(client client.Client, creator ObjectsCreatorWithPlatform) ObjectsEnsurerWithPlatform {
+ return &defaultObjectsEnsurerWithPlatform{
+ c: client,
+ creator: creator,
+ }
+type defaultObjectsEnsurerWithPlatform struct {
+ ObjectsEnsurer
+ c client.Client
+ creator ObjectsCreatorWithPlatform
+func (d *defaultObjectsEnsurerWithPlatform) Ensure(ctx context.Context, workflow *operatorapi.SonataFlow, pl *operatorapi.SonataFlowPlatform, visitors ...MutateVisitor) []ObjectEnsurerResult {
+ result := controllerutil.OperationResultNone
+ objects, err := d.creator(workflow, pl)
+ if err != nil {
+ return []ObjectEnsurerResult{{nil, result, err}}
+ }
+ var ensureResult []ObjectEnsurerResult
+ for _, object := range objects {
+ ensureObject, c, err := ensureObject(ctx, workflow, visitors, result, d.c, object)
+ ensureResult = append(ensureResult, ObjectEnsurerResult{ensureObject, c, err})
+ if err != nil {
+ return ensureResult
+ }
+ }
+ return ensureResult
func NewObjectsEnsurer(client client.Client, creator ObjectsCreator) ObjectsEnsurer {
return &defaultObjectsEnsurer{
c: client,
@@ -168,6 +209,14 @@ func (d *defaultObjectsEnsurer) Ensure(ctx context.Context, workflow *operatorap
return ensureResult
+func setWorkflowFinalizer(ctx context.Context, c client.Client, workflow *operatorapi.SonataFlow) error {
+ if !controllerutil.ContainsFinalizer(workflow, constants.TriggerFinalizer) {
+ controllerutil.AddFinalizer(workflow, constants.TriggerFinalizer)
+ return c.Update(ctx, workflow)
+ }
+ return nil
func ensureObject(ctx context.Context, workflow *operatorapi.SonataFlow, visitors []MutateVisitor, result controllerutil.OperationResult, c client.Client, object client.Object) (client.Object, controllerutil.OperationResult, error) {
if result, err := controllerutil.CreateOrPatch(ctx, c, object,
func() error {
@@ -176,6 +225,14 @@ func ensureObject(ctx context.Context, workflow *operatorapi.SonataFlow, visitor
return visitorErr
+ if trigger, ok := object.(*eventingv1.Trigger); ok {
+ addToSonataFlowTriggerList(workflow, trigger)
+ if workflow.Namespace != object.GetNamespace() {
+ // This is for Knative trigger in a different namespace
+ // Set the finalizer for trigger cleanup when the workflow is deleted
+ return setWorkflowFinalizer(ctx, c, workflow)
+ }
+ }
return controllerutil.SetControllerReference(workflow, object, c.Scheme())
}); err != nil {
return nil, result, err
@@ -183,3 +240,12 @@ func ensureObject(ctx context.Context, workflow *operatorapi.SonataFlow, visitor
klog.V(log.I).InfoS("Object operation finalized", "result", result, "kind", object.GetObjectKind().GroupVersionKind().String(), "name", object.GetName(), "namespace", object.GetNamespace())
return object, result, nil
+func addToSonataFlowTriggerList(workflow *operatorapi.SonataFlow, trigger *eventingv1.Trigger) {
+ for _, t := range workflow.Status.Triggers {
+ if t.Name == trigger.Name && t.Namespace == trigger.Namespace {
+ return // trigger already exists
+ }
+ }
+ workflow.Status.Triggers = append(workflow.Status.Triggers, operatorapi.SonataFlowTriggerRef{Name: trigger.Name, Namespace: trigger.Namespace})
diff --git a/packages/sonataflow-operator/controllers/profiles/common/knative.go b/packages/sonataflow-operator/internal/controller/profiles/common/knative_eventing.go
similarity index 71%
rename from packages/sonataflow-operator/controllers/profiles/common/knative.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/knative_eventing.go
index c3cbed72f55..c4f340c0177 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/knative.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/knative_eventing.go
@@ -20,26 +20,30 @@ package common
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/knative"
+ "k8s.io/klog/v2"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
- "k8s.io/klog/v2"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
var _ KnativeEventingHandler = &knativeObjectManager{}
type knativeObjectManager struct {
- sinkBinding ObjectEnsurer
- trigger ObjectsEnsurer
+ sinkBinding ObjectEnsurerWithPlatform
+ trigger ObjectsEnsurerWithPlatform
+ platform *operatorapi.SonataFlowPlatform
-func NewKnativeEventingHandler(support *StateSupport) KnativeEventingHandler {
+func NewKnativeEventingHandler(support *StateSupport, pl *operatorapi.SonataFlowPlatform) KnativeEventingHandler {
return &knativeObjectManager{
- sinkBinding: NewObjectEnsurer(support.C, SinkBindingCreator),
- trigger: NewObjectsEnsurer(support.C, TriggersCreator),
+ sinkBinding: NewObjectEnsurerWithPlatform(support.C, SinkBindingCreator),
+ trigger: NewObjectsEnsurerWithPlatform(support.C, TriggersCreator),
+ platform: pl,
StateSupport: support,
@@ -51,23 +55,23 @@ type KnativeEventingHandler interface {
func (k knativeObjectManager) Ensure(ctx context.Context, workflow *operatorapi.SonataFlow) ([]client.Object, error) {
var objs []client.Object
- if workflow.Spec.Flow.Events == nil {
- // skip if no event is found
- klog.V(log.I).InfoS("skip knative resource creation as no event is found")
- } else if workflow.Spec.Sink == nil {
- klog.V(log.I).InfoS("Spec.Sink is not provided")
- } else if knativeAvail, err := knative.GetKnativeAvailability(k.Cfg); err != nil || knativeAvail == nil || !knativeAvail.Eventing {
+ knativeAvail, err := knative.GetKnativeAvailability(k.Cfg)
+ if err != nil {
+ klog.V(log.I).InfoS("Error checking Knative Eventing: %v", err)
+ return nil, err
+ }
+ if !knativeAvail.Eventing {
klog.V(log.I).InfoS("Knative Eventing is not installed")
} else {
// create sinkBinding and trigger
- sinkBinding, _, err := k.sinkBinding.Ensure(ctx, workflow)
+ sinkBinding, _, err := k.sinkBinding.Ensure(ctx, workflow, k.platform)
if err != nil {
return objs, err
} else if sinkBinding != nil {
objs = append(objs, sinkBinding)
- triggers := k.trigger.Ensure(ctx, workflow)
+ triggers := k.trigger.Ensure(ctx, workflow, k.platform)
for _, trigger := range triggers {
if trigger.Error != nil {
return objs, trigger.Error
diff --git a/packages/sonataflow-operator/controllers/profiles/common/mutate_visitors.go b/packages/sonataflow-operator/internal/controller/profiles/common/mutate_visitors.go
similarity index 56%
rename from packages/sonataflow-operator/controllers/profiles/common/mutate_visitors.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/mutate_visitors.go
index 8108bc2cc03..fef7a1a1d9d 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/mutate_visitors.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/mutate_visitors.go
@@ -21,18 +21,25 @@ package common
import (
+ "maps"
+ "reflect"
+ "slices"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/properties"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/properties"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
// ImageDeploymentMutateVisitor creates a visitor that mutates a vanilla Kubernetes Deployment to apply the given image in the DefaultContainerName container
@@ -55,6 +62,25 @@ func ImageDeploymentMutateVisitor(workflow *operatorapi.SonataFlow, image string
+// ImageKServiceMutateVisitor same as ImageDeploymentMutateVisitor for Knative Serving
+func ImageKServiceMutateVisitor(workflow *operatorapi.SonataFlow, image string) MutateVisitor {
+ return func(object client.Object) controllerutil.MutateFn {
+ // noop since we already have an image in the flow container defined by the user.
+ if workflow.HasContainerSpecImage() {
+ return func() error {
+ return nil
+ }
+ }
+ return func() error {
+ ksvc := object.(*servingv1.Service)
+ _, idx := kubeutil.GetContainerByName(operatorapi.DefaultContainerName, &ksvc.Spec.Template.Spec.PodSpec)
+ ksvc.Spec.Template.Spec.Containers[idx].Image = image
+ ksvc.Spec.Template.Spec.Containers[idx].ImagePullPolicy = kubeutil.GetImagePullPolicy(image)
+ return nil
+ }
+ }
// DeploymentMutateVisitor guarantees the state of the default Deployment object
func DeploymentMutateVisitor(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) MutateVisitor {
return func(object client.Object) controllerutil.MutateFn {
@@ -66,7 +92,28 @@ func DeploymentMutateVisitor(workflow *operatorapi.SonataFlow, plf *operatorapi.
if err != nil {
return err
- return EnsureDeployment(original.(*appsv1.Deployment), object.(*appsv1.Deployment))
+ src := original.(*appsv1.Deployment)
+ dst := object.(*appsv1.Deployment)
+ // merge new and old labels, but prevent overriding to keep exiting immutable selector working.
+ mergo.Merge(&dst.ObjectMeta.Labels, src.ObjectMeta.Labels, mergo.WithAppendSlice)
+ // to prevent furhter merge conflcts set the same lables on both src and dst
+ src.ObjectMeta.Labels = dst.ObjectMeta.Labels
+ if !maps.Equal(dst.Spec.Selector.MatchLabels, src.Spec.Selector.MatchLabels) {
+ // mutating selector labels is not supported so to prevent merge conflicts we set src and dst
+ // values to be identical
+ src.Spec.Selector.MatchLabels = dst.Spec.Selector.MatchLabels
+ }
+ if !slices.EqualFunc(
+ dst.Spec.Selector.MatchExpressions,
+ src.Spec.Selector.MatchExpressions,
+ func(lsr1, lsr2 metav1.LabelSelectorRequirement) bool {
+ return reflect.DeepEqual(lsr1, lsr2)
+ }) {
+ // mutating selector matchExpressions is not supported so to prevent merge conflicts we set src and dst
+ // values to be identical
+ src.Spec.Selector.MatchExpressions = dst.Spec.Selector.MatchExpressions
+ }
+ return EnsureDeployment(src, dst)
@@ -76,8 +123,11 @@ func EnsureDeployment(original *appsv1.Deployment, object *appsv1.Deployment) er
object.Spec.Replicas = original.Spec.Replicas
object.Spec.Selector = original.Spec.Selector
object.Labels = original.GetLabels()
+ object.Finalizers = original.Finalizers
// Clean up the volumes, they are inherited from original, additional are added by other visitors
+ // However, the knative data (voulmes, volumes mounts) must be preserved
+ knative.SaveKnativeData(&original.Spec.Template.Spec, &object.Spec.Template.Spec)
object.Spec.Template.Spec.Volumes = nil
for i := range object.Spec.Template.Spec.Containers {
object.Spec.Template.Spec.Containers[i].VolumeMounts = nil
@@ -87,6 +137,38 @@ func EnsureDeployment(original *appsv1.Deployment, object *appsv1.Deployment) er
return mergo.Merge(&object.Spec.Template.Spec, original.Spec.Template.Spec, mergo.WithOverride)
+// KServiceMutateVisitor guarantees the state of the default Knative Service object
+func KServiceMutateVisitor(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) MutateVisitor {
+ return func(object client.Object) controllerutil.MutateFn {
+ return func() error {
+ if kubeutil.IsObjectNew(object) {
+ return nil
+ }
+ original, err := KServiceCreator(workflow, plf)
+ if err != nil {
+ return err
+ }
+ return EnsureKService(original.(*servingv1.Service), object.(*servingv1.Service))
+ }
+ }
+// EnsureKService Ensure that the original Knative Service fields are immutable.
+func EnsureKService(original *servingv1.Service, object *servingv1.Service) error {
+ object.Labels = original.GetLabels()
+ // Clean up the volumes, they are inherited from original, additional are added by other visitors
+ // However, the knative data (voulmes, volumes mounts) must be preserved
+ knative.SaveKnativeData(&original.Spec.Template.Spec.PodSpec, &object.Spec.Template.Spec.PodSpec)
+ object.Spec.Template.Spec.Volumes = nil
+ for i := range object.Spec.Template.Spec.Containers {
+ object.Spec.Template.Spec.Containers[i].VolumeMounts = nil
+ }
+ // we do a merge to not keep changing the spec since k8s will set default values to the podSpec
+ return mergo.Merge(&object.Spec.Template.Spec.PodSpec, original.Spec.Template.Spec.PodSpec, mergo.WithOverride)
func ServiceMutateVisitor(workflow *operatorapi.SonataFlow) MutateVisitor {
return func(object client.Object) controllerutil.MutateFn {
return func() error {
@@ -140,8 +222,27 @@ func RolloutDeploymentIfCMChangedMutateVisitor(workflow *operatorapi.SonataFlow,
return func(object client.Object) controllerutil.MutateFn {
return func() error {
deployment := object.(*appsv1.Deployment)
- err := kubeutil.AnnotateDeploymentConfigChecksum(workflow, deployment, userPropsCM, managedPropsCM)
- return err
+ return kubeutil.AnnotateDeploymentConfigChecksum(workflow, deployment, userPropsCM, managedPropsCM)
+ }
+ }
+func RestoreDeploymentVolumeAndVolumeMountMutateVisitor() MutateVisitor {
+ return func(object client.Object) controllerutil.MutateFn {
+ return func() error {
+ deployment := object.(*appsv1.Deployment)
+ knative.RestoreKnativeVolumeAndVolumeMount(&deployment.Spec.Template.Spec)
+ return nil
+ }
+ }
+func RestoreKServiceVolumeAndVolumeMountMutateVisitor() MutateVisitor {
+ return func(object client.Object) controllerutil.MutateFn {
+ return func() error {
+ service := object.(*servingv1.Service)
+ knative.RestoreKnativeVolumeAndVolumeMount(&service.Spec.Template.Spec.PodSpec)
+ return nil
diff --git a/packages/sonataflow-operator/controllers/profiles/common/object_creators.go b/packages/sonataflow-operator/internal/controller/profiles/common/object_creators.go
similarity index 59%
rename from packages/sonataflow-operator/controllers/profiles/common/object_creators.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/object_creators.go
index ca9c79ab5cc..e61881ebf62 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/object_creators.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/object_creators.go
@@ -20,34 +20,53 @@
package common
import (
+ "context"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
cncfmodel "github.com/serverlessworkflow/sdk-go/v2/model"
+ prometheus "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/types"
eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
duckv1 "knative.dev/pkg/apis/duck/v1"
+ "knative.dev/pkg/kmeta"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/persistence"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/properties"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/variables"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/persistence"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/properties"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/variables"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+const (
+ knativeServingAPIVersion = "serving.knative.dev/v1"
+ knativeServiceKind = "Service"
+ deploymentAPIVersion = "apps/v1"
+ deploymentKind = "Deployment"
+ k8sServiceAPIVersion = "v1"
+ k8sServiceKind = "Service"
+ k8sServicePortName = "web"
+ metricsServicePortPath = "/q/metrics"
// ObjectCreator is the func that creates the initial reference object, if the object doesn't exist in the cluster, this one is created.
// Can be used as a reference to keep the object immutable
type ObjectCreator func(workflow *operatorapi.SonataFlow) (client.Object, error)
@@ -59,6 +78,9 @@ type ObjectCreatorWithPlatform func(workflow *operatorapi.SonataFlow, platform *
// ObjectsCreator creates multiple resources
type ObjectsCreator func(workflow *operatorapi.SonataFlow) ([]client.Object, error)
+// ObjectsCreatorWithPlatform creates multiple resources
+type ObjectsCreatorWithPlatform func(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) ([]client.Object, error)
const (
defaultHTTPServicePort = 80
@@ -85,7 +107,7 @@ func DeploymentCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.Sonata
Spec: appsv1.DeploymentSpec{
Replicas: getReplicasOrDefault(workflow),
Selector: &metav1.LabelSelector{
- MatchLabels: lbl,
+ MatchLabels: workflowproj.GetSelectorLabels(workflow),
Template: corev1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
@@ -108,6 +130,41 @@ func DeploymentCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.Sonata
return deployment, nil
+// KServiceCreator creates the default Knative Service object for SonataFlow instances. It's based on the default DeploymentCreator.
+func KServiceCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) (client.Object, error) {
+ lbl := workflowproj.GetMergedLabels(workflow)
+ ksvc := &servingv1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: workflow.Name,
+ Namespace: workflow.Namespace,
+ Labels: lbl,
+ },
+ Spec: servingv1.ServiceSpec{
+ ConfigurationSpec: servingv1.ConfigurationSpec{
+ Template: servingv1.RevisionTemplateSpec{
+ ObjectMeta: metav1.ObjectMeta{
+ Labels: lbl,
+ },
+ Spec: servingv1.RevisionSpec{
+ PodSpec: corev1.PodSpec{},
+ },
+ },
+ },
+ },
+ }
+ if err := mergo.Merge(&ksvc.Spec.Template.Spec.PodSpec, workflow.Spec.PodTemplate.PodSpec.ToPodSpec(), mergo.WithOverride); err != nil {
+ return nil, err
+ }
+ flowContainer, err := defaultContainer(workflow, plf)
+ if err != nil {
+ return nil, err
+ }
+ kubeutil.AddOrReplaceContainer(operatorapi.DefaultContainerName, *flowContainer, &ksvc.Spec.Template.Spec.PodSpec)
+ return ksvc, nil
func getReplicasOrDefault(workflow *operatorapi.SonataFlow) *int32 {
var dReplicas int32 = 1
if workflow.Spec.PodTemplate.Replicas == nil {
@@ -119,7 +176,7 @@ func getReplicasOrDefault(workflow *operatorapi.SonataFlow) *int32 {
func defaultContainer(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) (*corev1.Container, error) {
defaultContainerPort := corev1.ContainerPort{
ContainerPort: variables.DefaultHTTPWorkflowPortIntStr.IntVal,
- Name: utils.HttpScheme,
+ Name: utils.DefaultServicePortName,
Protocol: corev1.ProtocolTCP,
defaultFlowContainer := &corev1.Container{
@@ -134,6 +191,7 @@ func defaultContainer(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataF
TimeoutSeconds: healthTimeoutSeconds,
+ PeriodSeconds: healthStartedPeriodSeconds,
ReadinessProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
@@ -143,6 +201,7 @@ func defaultContainer(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataF
TimeoutSeconds: healthTimeoutSeconds,
+ PeriodSeconds: healthStartedPeriodSeconds,
StartupProbe: &corev1.Probe{
ProbeHandler: corev1.ProbeHandler{
@@ -162,18 +221,20 @@ func defaultContainer(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataF
if err := mergo.Merge(defaultFlowContainer, workflow.Spec.PodTemplate.Container.ToContainer(), mergo.WithOverride); err != nil {
return nil, err
- var pper *operatorapi.PlatformPersistenceOptionsSpec
- if plf != nil && plf.Spec.Persistence != nil {
- pper = plf.Spec.Persistence
- }
- if p := persistence.RetrieveConfiguration(workflow.Spec.Persistence, pper, workflow.Name); p != nil {
- defaultFlowContainer = persistence.ConfigurePersistence(defaultFlowContainer, p, workflow.Name, workflow.Namespace)
+ if !profiles.IsDevProfile(workflow) {
+ var pper *operatorapi.PlatformPersistenceOptionsSpec
+ if plf != nil && plf.Spec.Persistence != nil {
+ pper = plf.Spec.Persistence
+ }
+ if p := persistence.RetrieveConfiguration(workflow.Spec.Persistence, pper, workflow.Name); p != nil {
+ defaultFlowContainer = persistence.ConfigurePersistence(defaultFlowContainer, p, workflow.Name, workflow.Namespace)
+ }
// immutable
defaultFlowContainer.Name = operatorapi.DefaultContainerName
portIdx := -1
for i := range defaultFlowContainer.Ports {
- if defaultFlowContainer.Ports[i].Name == utils.HttpScheme ||
+ if defaultFlowContainer.Ports[i].Name == utils.DefaultServicePortName ||
defaultFlowContainer.Ports[i].ContainerPort == variables.DefaultHTTPWorkflowPortIntStr.IntVal {
portIdx = i
@@ -202,6 +263,7 @@ func ServiceCreator(workflow *operatorapi.SonataFlow) (client.Object, error) {
Spec: corev1.ServiceSpec{
Selector: lbl,
Ports: []corev1.ServicePort{{
+ Name: k8sServicePortName,
Protocol: corev1.ProtocolTCP,
Port: defaultHTTPServicePort,
TargetPort: variables.DefaultHTTPWorkflowPortIntStr,
@@ -214,15 +276,23 @@ func ServiceCreator(workflow *operatorapi.SonataFlow) (client.Object, error) {
// SinkBindingCreator is an ObjectsCreator for SinkBinding.
// It will create v1.SinkBinding based on events defined in workflow.
-func SinkBindingCreator(workflow *operatorapi.SonataFlow) (client.Object, error) {
+func SinkBindingCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) (client.Object, error) {
lbl := workflowproj.GetMergedLabels(workflow)
- // skip if no produced event is found
- if workflow.Spec.Sink == nil || !workflowdef.ContainsEventKind(workflow, cncfmodel.EventKindProduced) {
- return nil, nil
+ sink, err := knative.GetWorkflowSink(workflow, plf)
+ if err != nil {
+ return nil, err
+ }
+ if sink == nil {
+ return nil, nil /*nothing to do*/
- sink := workflow.Spec.Sink
+ apiVersion := deploymentAPIVersion
+ kind := deploymentKind
+ if workflow.Spec.PodTemplate.DeploymentModel == operatorapi.KnativeDeploymentModel {
+ apiVersion = knativeServingAPIVersion // use knative serving API Version
+ kind = knativeServiceKind
+ }
// subject must be deployment to inject K_SINK, service won't work
sinkBinding := &sourcesv1.SinkBinding{
@@ -239,8 +309,8 @@ func SinkBindingCreator(workflow *operatorapi.SonataFlow) (client.Object, error)
Subject: tracker.Reference{
Name: workflow.Name,
Namespace: workflow.Namespace,
- APIVersion: "apps/v1",
- Kind: "Deployment",
+ APIVersion: apiVersion,
+ Kind: kind,
@@ -248,12 +318,57 @@ func SinkBindingCreator(workflow *operatorapi.SonataFlow) (client.Object, error)
return sinkBinding, nil
+func getBrokerRefFromPlatform(plf *operatorapi.SonataFlowPlatform) (*duckv1.KReference, error) {
+ // check the local platform
+ if plf.Spec.Eventing != nil && plf.Spec.Eventing.Broker != nil && plf.Spec.Eventing.Broker.Ref != nil {
+ ref := plf.Spec.Eventing.Broker.Ref.DeepCopy()
+ if len(ref.Namespace) == 0 {
+ ref.Namespace = plf.Namespace // default to the platform namespace
+ }
+ return ref, nil
+ }
+ // Check the cluster platform
+ if plf.Status.ClusterPlatformRef != nil && len(plf.Status.ClusterPlatformRef.PlatformRef.Name) > 0 {
+ platform := &operatorapi.SonataFlowPlatform{}
+ if err := utils.GetClient().Get(context.TODO(), types.NamespacedName{Namespace: plf.Status.ClusterPlatformRef.PlatformRef.Namespace, Name: plf.Status.ClusterPlatformRef.PlatformRef.Name}, platform); err != nil {
+ if errors.IsNotFound(err) {
+ return nil, nil
+ }
+ return nil, err
+ }
+ return getBrokerRefFromPlatform(platform)
+ }
+ return nil, nil
+func getBrokerRefForEventType(eventType string, workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) (*duckv1.KReference, error) {
+ // Check the workflow
+ for _, source := range workflow.Spec.Sources {
+ if source.EventType == eventType {
+ ref := source.Ref.DeepCopy()
+ if len(ref.Namespace) == 0 {
+ ref.Namespace = workflow.Namespace // default to the workflow namespace
+ }
+ return ref, nil
+ }
+ }
+ // get the broker from the local platform or cluster platform
+ return getBrokerRefFromPlatform(plf)
// TriggersCreator is an ObjectsCreator for Triggers.
// It will create a list of eventingv1.Trigger based on events defined in workflow.
-func TriggersCreator(workflow *operatorapi.SonataFlow) ([]client.Object, error) {
+func TriggersCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) ([]client.Object, error) {
var resultObjects []client.Object
lbl := workflowproj.GetMergedLabels(workflow)
+ apiVersion := k8sServiceAPIVersion
+ kind := k8sServiceKind
+ if workflow.Spec.PodTemplate.DeploymentModel == operatorapi.KnativeDeploymentModel {
+ apiVersion = knativeServingAPIVersion // use knative serving API Version
+ kind = knativeServiceKind
+ }
events := workflow.Spec.Flow.Events
for _, event := range events {
@@ -261,16 +376,27 @@ func TriggersCreator(workflow *operatorapi.SonataFlow) ([]client.Object, error)
if event.Kind == cncfmodel.EventKindProduced {
+ brokerRef, err := getBrokerRefForEventType(event.Type, workflow, plf)
+ if err != nil {
+ return nil, err
+ }
+ if brokerRef == nil || !knative.IsKnativeBroker(brokerRef) {
+ // No broker configured for the eventType. Skip and will not create trigger for it.
+ continue
+ }
+ if err := knative.ValidateBroker(brokerRef.Name, brokerRef.Namespace); err != nil {
+ return nil, err
+ }
// construct eventingv1.Trigger
+ // The trigger must be created in the same namespace as the broker
trigger := &eventingv1.Trigger{
ObjectMeta: metav1.ObjectMeta{
- Name: strings.ToLower(fmt.Sprintf("%s-%s-trigger", workflow.Name, event.Name)),
- Namespace: workflow.Namespace,
+ Name: kmeta.ChildName(strings.ToLower(fmt.Sprintf("%s-%s-", workflow.Name, event.Name)), string(workflow.GetUID())),
+ Namespace: brokerRef.Namespace,
Labels: lbl,
Spec: eventingv1.TriggerSpec{
- Broker: constants.KnativeEventingBrokerDefault,
+ Broker: brokerRef.Name,
Filter: &eventingv1.TriggerFilter{
Attributes: eventingv1.TriggerFilterAttributes{
"type": event.Type,
@@ -280,8 +406,8 @@ func TriggersCreator(workflow *operatorapi.SonataFlow) ([]client.Object, error)
Ref: &duckv1.KReference{
Name: workflow.Name,
Namespace: workflow.Namespace,
- APIVersion: "v1",
- Kind: "Service",
+ APIVersion: apiVersion,
+ Kind: kind,
@@ -312,3 +438,31 @@ func ManagedPropsConfigMapCreator(workflow *operatorapi.SonataFlow, platform *op
return workflowproj.CreateNewManagedPropsConfigMap(workflow, props), nil
+// ServiceMonitorCreator is an ObjectsCreator for Service Monitor for the workflow service.
+func ServiceMonitorCreator(workflow *operatorapi.SonataFlow) (client.Object, error) {
+ lbl := workflowproj.GetMergedLabels(workflow)
+ spec := &prometheus.ServiceMonitorSpec{
+ Selector: metav1.LabelSelector{
+ MatchLabels: map[string]string{
+ workflowproj.LabelWorkflow: workflow.Name,
+ workflowproj.LabelWorkflowNamespace: workflow.Namespace,
+ },
+ },
+ Endpoints: []prometheus.Endpoint{
+ {
+ Port: k8sServicePortName,
+ Path: metricsServicePortPath,
+ },
+ },
+ }
+ serviceMonitor := &prometheus.ServiceMonitor{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: workflow.Name,
+ Namespace: workflow.Namespace,
+ Labels: lbl,
+ },
+ Spec: *spec,
+ }
+ return serviceMonitor, nil
diff --git a/packages/sonataflow-operator/controllers/profiles/common/object_creators_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/object_creators_test.go
similarity index 54%
rename from packages/sonataflow-operator/controllers/profiles/common/object_creators_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/object_creators_test.go
index 1a24f3cfa98..be84323929f 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/object_creators_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/object_creators_test.go
@@ -23,13 +23,19 @@ import (
- sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ prometheus "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ "knative.dev/pkg/kmeta"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
@@ -39,9 +45,11 @@ import (
+const platformName = "test-platform"
func Test_ensureWorkflowPropertiesConfigMapMutator(t *testing.T) {
workflow := test.GetBaseSonataFlowWithDevProfile(t.Name())
- platform := test.GetBasePlatform()
+ platform := test.GetBasePlatformInReadyPhase(workflow.Namespace)
// can't be new
managedProps, _ := ManagedPropsConfigMapCreator(workflow, platform)
@@ -50,7 +58,7 @@ func Test_ensureWorkflowPropertiesConfigMapMutator(t *testing.T) {
userProps, _ := UserPropsConfigMapCreator(workflow)
userPropsCM := userProps.(*corev1.ConfigMap)
- visitor := ManagedPropertiesMutateVisitor(context.TODO(), nil, workflow, nil, userPropsCM)
+ visitor := ManagedPropertiesMutateVisitor(context.TODO(), nil, workflow, platform, userPropsCM)
mutateFn := visitor(managedProps)
assert.NoError(t, mutateFn())
@@ -74,7 +82,8 @@ func Test_ensureWorkflowPropertiesConfigMapMutator(t *testing.T) {
func Test_ensureWorkflowPropertiesConfigMapMutator_DollarReplacement(t *testing.T) {
workflow := test.GetBaseSonataFlowWithDevProfile(t.Name())
- platform := test.GetBasePlatform()
+ platform := test.GetBasePlatformInReadyPhase(workflow.Namespace)
managedProps, _ := ManagedPropsConfigMapCreator(workflow, platform)
@@ -85,7 +94,7 @@ func Test_ensureWorkflowPropertiesConfigMapMutator_DollarReplacement(t *testing.
userPropsCM := userProps.(*corev1.ConfigMap)
userPropsCM.Data[workflowproj.ApplicationPropertiesFileName] = "mp.messaging.outgoing.kogito_outgoing_stream.url=${kubernetes:services.v1/event-listener}"
- mutateVisitorFn := ManagedPropertiesMutateVisitor(context.TODO(), nil, workflow, nil, userPropsCM)
+ mutateVisitorFn := ManagedPropertiesMutateVisitor(context.TODO(), nil, workflow, platform, userPropsCM)
err := mutateVisitorFn(managedPropsCM)()
assert.NoError(t, err)
@@ -94,13 +103,13 @@ func Test_ensureWorkflowPropertiesConfigMapMutator_DollarReplacement(t *testing.
func TestMergePodSpec(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
- workflow.Spec.PodTemplate = v1alpha08.PodTemplateSpec{
+ workflow.Spec.PodTemplate = v1alpha08.FlowPodTemplateSpec{
Container: v1alpha08.ContainerSpec{
// this one we can override
Image: "docker.io/example/my-workflow:1.0.0",
Ports: []corev1.ContainerPort{
// let's override a immutable attribute
- {Name: utils.HttpScheme, ContainerPort: 9090},
+ {Name: utils.DefaultServicePortName, ContainerPort: 9090},
Env: []corev1.EnvVar{
// We should be able to override this too
@@ -145,9 +154,9 @@ func TestMergePodSpec(t *testing.T) {
assert.Len(t, flowContainer.VolumeMounts, 1)
-func TestMergePodSpec_OverrideContainers(t *testing.T) {
+func TestMergePodSpecOverrideContainers(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
- workflow.Spec.PodTemplate = v1alpha08.PodTemplateSpec{
+ workflow.Spec.PodTemplate = v1alpha08.FlowPodTemplateSpec{
PodSpec: v1alpha08.PodSpec{
// Try to override the workflow container via the podspec
Containers: []corev1.Container{
@@ -155,7 +164,7 @@ func TestMergePodSpec_OverrideContainers(t *testing.T) {
Name: v1alpha08.DefaultContainerName,
Image: "docker.io/example/my-workflow:1.0.0",
Ports: []corev1.ContainerPort{
- {Name: utils.HttpScheme, ContainerPort: 9090},
+ {Name: utils.DefaultServicePortName, ContainerPort: 9090},
Env: []corev1.EnvVar{
{Name: "ENV1", Value: "VALUE_CUSTOM"},
@@ -177,11 +186,13 @@ func TestMergePodSpec_OverrideContainers(t *testing.T) {
assert.Empty(t, flowContainer.Env)
-func Test_ensureWorkflowSinkBindingIsCreated(t *testing.T) {
+func TestEnsureWorkflowSinkBindingWithWorkflowSinkIsCreated(t *testing.T) {
workflow := test.GetVetEventSonataFlow(t.Name())
+ plf := test.GetBasePlatform()
//On Kubernetes we want the service exposed in Dev with NodePort
- sinkBinding, _ := SinkBindingCreator(workflow)
+ sinkBinding, err := SinkBindingCreator(workflow, plf)
+ assert.NoError(t, err)
+ assert.NotNil(t, sinkBinding)
@@ -191,35 +202,190 @@ func Test_ensureWorkflowSinkBindingIsCreated(t *testing.T) {
assert.NotNil(t, reflectSinkBinding.Spec)
assert.NotEmpty(t, reflectSinkBinding.Spec.Sink)
assert.Equal(t, reflectSinkBinding.Spec.Sink.Ref.Kind, "Broker")
+ assert.Equal(t, reflectSinkBinding.Spec.Sink.Ref.Name, "default")
assert.NotNil(t, reflectSinkBinding.GetLabels())
- assert.Equal(t, reflectSinkBinding.ObjectMeta.Labels, map[string]string{"app": "vet", "sonataflow.org/workflow-app": "vet"})
+ assert.Equal(t, reflectSinkBinding.ObjectMeta.Labels, map[string]string{
+ "app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
-func Test_ensureWorkflowTriggersAreCreated(t *testing.T) {
+func TestEnsureWorkflowSinkBindingWithPlatformBrokerIsCreated(t *testing.T) {
workflow := test.GetVetEventSonataFlow(t.Name())
+ workflow.Spec.Sink = nil
+ workflow.Spec.Sources = nil
+ plf := test.GetBasePlatformWithBroker()
+ sinkBinding, err := SinkBindingCreator(workflow, plf)
+ assert.NoError(t, err)
+ assert.NotNil(t, sinkBinding)
+ sinkBinding.SetUID("1")
+ sinkBinding.SetResourceVersion("1")
- //On Kubernetes we want the service exposed in Dev with NodePort
- triggers, _ := TriggersCreator(workflow)
+ reflectSinkBinding := sinkBinding.(*sourcesv1.SinkBinding)
+ assert.NotNil(t, reflectSinkBinding)
+ assert.NotNil(t, reflectSinkBinding.Spec)
+ assert.NotEmpty(t, reflectSinkBinding.Spec.Sink)
+ assert.Equal(t, reflectSinkBinding.Spec.Sink.Ref.Kind, "Broker")
+ assert.Equal(t, reflectSinkBinding.Spec.Sink.Ref.Name, "default")
+ assert.NotNil(t, reflectSinkBinding.GetLabels())
+ assert.Equal(t, reflectSinkBinding.ObjectMeta.Labels, map[string]string{"app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
+func TestEnsureWorkflowSinkBindingWithoutBrokerAreNotCreated(t *testing.T) {
+ workflow := test.GetVetEventSonataFlow(t.Name())
+ workflow.Spec.Sink = nil
+ workflow.Spec.Sources = nil
+ plf := test.GetBasePlatformWithBroker()
+ plf.Spec.Eventing = nil // No broker configured in the platform, but data index and jobs service are enabled
+ sinkBinding, err := SinkBindingCreator(workflow, plf)
+ assert.NoError(t, err)
+ assert.Nil(t, sinkBinding)
+func getTrigger(name string, objs []client.Object) *eventingv1.Trigger {
+ for _, obj := range objs {
+ if trigger, ok := obj.(*eventingv1.Trigger); ok {
+ if trigger.Name == name {
+ return trigger
+ }
+ }
+ }
+ return nil
+func TestEnsureWorkflowTriggersWithPlatformBrokerAreCreated(t *testing.T) {
+ workflow := test.GetVetEventSonataFlow(t.Name())
+ workflow.Spec.Sink = nil
+ workflow.Spec.Sources = nil
+ plf := test.GetBasePlatformWithBroker()
+ plf.Namespace = "platform-namespace"
+ plf.Spec.Eventing.Broker.Ref.Namespace = plf.Namespace
+ broker := test.GetDefaultBroker(plf.Namespace)
+ // Create a fake client to mock API calls.
+ cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(workflow, broker).WithStatusSubresource(workflow, broker).Build()
+ utils.SetClient(cl)
+ triggers, err := TriggersCreator(workflow, plf)
+ assert.NoError(t, err)
assert.NotEmpty(t, triggers)
assert.Len(t, triggers, 2)
- for _, trigger := range triggers {
- assert.Contains(t, []string{"vet-vetappointmentrequestreceived-trigger", "vet-vetappointmentinfo-trigger"}, trigger.GetName())
- assert.NotNil(t, trigger.GetLabels())
- assert.Equal(t, trigger.GetLabels(), map[string]string{"app": "vet", "sonataflow.org/workflow-app": "vet"})
- }
+ //Check the 1st trigger
+ name := kmeta.ChildName("vet-vetappointmentrequestreceived-", string(workflow.GetUID()))
+ trigger := getTrigger(name, triggers)
+ assert.NotNil(t, trigger)
+ assert.NotNil(t, trigger.GetLabels())
+ assert.Equal(t, trigger.GetLabels(), map[string]string{"app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
+ assert.Equal(t, trigger.Namespace, plf.Namespace) //trigger should be in the platform namespace
+ assert.Equal(t, trigger.Spec.Broker, "default")
+ assert.NotNil(t, trigger.Spec.Filter)
+ assert.Len(t, trigger.Spec.Filter.Attributes, 1)
+ assert.Equal(t, trigger.Spec.Filter.Attributes["type"], "events.vet.appointments.request")
+ //Check the 2nd trigger
+ name = kmeta.ChildName("vet-vetappointmentinfo-", string(workflow.GetUID()))
+ trigger = getTrigger(name, triggers)
+ assert.NotNil(t, trigger)
+ assert.NotNil(t, trigger.GetLabels())
+ assert.Equal(t, trigger.GetLabels(), map[string]string{"app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
+ assert.Equal(t, trigger.Namespace, plf.Namespace) //trigger should be in the platform namespace
+ assert.Equal(t, trigger.Spec.Broker, "default")
+ assert.NotNil(t, trigger.Spec.Filter)
+ assert.Len(t, trigger.Spec.Filter.Attributes, 1)
+ assert.Equal(t, trigger.Spec.Filter.Attributes["type"], "events.vet.appointments")
+func TestEnsureWorkflowTriggersWithWorkflowBrokerAreCreated(t *testing.T) {
+ workflow := test.GetVetEventSonataFlow(t.Name())
+ workflow.Spec.Sources[0].Destination.Ref.Namespace = workflow.Namespace
+ workflow.Spec.Sources[1].Destination.Ref.Namespace = workflow.Namespace
+ plf := test.GetBasePlatform() // No broker defined in the platform
+ broker1 := test.GetDefaultBroker(workflow.Namespace)
+ broker1.Name = "broker-appointments-request"
+ broker2 := test.GetDefaultBroker(workflow.Namespace)
+ broker2.Name = "broker-appointments"
+ // Create a fake client to mock API calls.
+ cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(workflow, plf, broker1, broker2).WithStatusSubresource(workflow, plf, broker1, broker2).Build()
+ utils.SetClient(cl)
+ triggers, err := TriggersCreator(workflow, plf)
+ assert.NoError(t, err)
+ assert.NotEmpty(t, triggers)
+ assert.Len(t, triggers, 2)
+ //Check the 1st trigger
+ name := kmeta.ChildName("vet-vetappointmentrequestreceived-", string(workflow.GetUID()))
+ trigger := getTrigger(name, triggers)
+ assert.NotNil(t, trigger)
+ assert.NotNil(t, trigger.GetLabels())
+ assert.Equal(t, trigger.GetLabels(), map[string]string{"app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
+ assert.Equal(t, trigger.Namespace, workflow.Namespace) //trigger should be in the workflow namespace
+ assert.Equal(t, trigger.Spec.Broker, "broker-appointments-request")
+ assert.NotNil(t, trigger.Spec.Filter)
+ assert.Len(t, trigger.Spec.Filter.Attributes, 1)
+ assert.Equal(t, trigger.Spec.Filter.Attributes["type"], "events.vet.appointments.request")
+ //Check the 2nd trigger
+ name = kmeta.ChildName("vet-vetappointmentinfo-", string(workflow.GetUID()))
+ trigger = getTrigger(name, triggers)
+ assert.NotNil(t, trigger)
+ assert.NotNil(t, trigger.GetLabels())
+ assert.Equal(t, trigger.GetLabels(), map[string]string{"app": "vet",
+ "sonataflow.org/workflow-app": "vet",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "vet",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
+ assert.Equal(t, trigger.Namespace, workflow.Namespace) //trigger should be in the workflow namespace
+ assert.Equal(t, trigger.Spec.Broker, "broker-appointments")
+ assert.NotNil(t, trigger.Spec.Filter)
+ assert.Len(t, trigger.Spec.Filter.Attributes, 1)
+ assert.Equal(t, trigger.Spec.Filter.Attributes["type"], "events.vet.appointments")
+func TestEnsureWorkflowTriggersWithoutBrokerAreNotCreated(t *testing.T) {
+ workflow := test.GetVetEventSonataFlow(t.Name())
+ workflow.Spec.Sink = nil
+ workflow.Spec.Sources = nil
+ plf := test.GetBasePlatform()
+ triggers, err := TriggersCreator(workflow, plf)
+ assert.NoError(t, err)
+ assert.Nil(t, triggers)
func TestMergePodSpec_WithPostgreSQL_and_JDBC_URL_field(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
workflow.Spec = v1alpha08.SonataFlowSpec{
- PodTemplate: v1alpha08.PodTemplateSpec{
+ PodTemplate: v1alpha08.FlowPodTemplateSpec{
Container: v1alpha08.ContainerSpec{
// this one we can override
Image: "docker.io/example/my-workflow:1.0.0",
Ports: []corev1.ContainerPort{
// let's override a immutable attribute
- {Name: utils.HttpScheme, ContainerPort: 9090},
+ {Name: utils.DefaultServicePortName, ContainerPort: 9090},
Env: []corev1.EnvVar{
// We should be able to override this too
@@ -295,14 +461,6 @@ func TestMergePodSpec_WithPostgreSQL_and_JDBC_URL_field(t *testing.T) {
Value: "jdbc",
- {
- Value: "false",
- },
- {
- Value: "10000",
- },
assert.Len(t, deployment.Spec.Template.Spec.Containers, 2)
assert.Equal(t, "superuser", deployment.Spec.Template.Spec.ServiceAccountName)
@@ -321,7 +479,7 @@ var (
func TestMergePodSpec_OverrideContainers_WithPostgreSQL_In_Workflow_CR(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
workflow.Spec = v1alpha08.SonataFlowSpec{
- PodTemplate: v1alpha08.PodTemplateSpec{
+ PodTemplate: v1alpha08.FlowPodTemplateSpec{
PodSpec: v1alpha08.PodSpec{
// Try to override the workflow container via the podspec
Containers: []corev1.Container{
@@ -329,7 +487,7 @@ func TestMergePodSpec_OverrideContainers_WithPostgreSQL_In_Workflow_CR(t *testin
Name: v1alpha08.DefaultContainerName,
Image: "docker.io/example/my-workflow:1.0.0",
Ports: []corev1.ContainerPort{
- {Name: utils.HttpScheme, ContainerPort: 9090},
+ {Name: utils.DefaultServicePortName, ContainerPort: 9090},
Env: []corev1.EnvVar{
{Name: "ENV1", Value: "VALUE_CUSTOM"},
@@ -387,14 +545,6 @@ func TestMergePodSpec_OverrideContainers_WithPostgreSQL_In_Workflow_CR(t *testin
Value: "jdbc",
- {
- Value: "false",
- },
- {
- Value: "10000",
- },
assert.Len(t, deployment.Spec.Template.Spec.Containers, 1)
flowContainer, _ := kubeutil.GetContainerByName(v1alpha08.DefaultContainerName, &deployment.Spec.Template.Spec)
@@ -467,14 +617,6 @@ func TestMergePodSpec_WithServicedPostgreSQL_In_Platform_CR_And_Worflow_Requesti
Value: "jdbc",
- {
- Value: "false",
- },
- {
- Value: "10000",
- },
assert.Len(t, deployment.Spec.Template.Spec.Containers, 1)
flowContainer, _ := kubeutil.GetContainerByName(v1alpha08.DefaultContainerName, &deployment.Spec.Template.Spec)
@@ -510,7 +652,7 @@ func TestMergePodSpec_WithServicedPostgreSQL_In_Platform_And_In_Workflow_CR(t *t
workflow := test.GetBaseSonataFlow(t.Name())
workflow.Spec = v1alpha08.SonataFlowSpec{
- PodTemplate: v1alpha08.PodTemplateSpec{
+ PodTemplate: v1alpha08.FlowPodTemplateSpec{
PodSpec: v1alpha08.PodSpec{
// Try to override the workflow container via the podspec
Containers: []corev1.Container{
@@ -518,7 +660,7 @@ func TestMergePodSpec_WithServicedPostgreSQL_In_Platform_And_In_Workflow_CR(t *t
Name: v1alpha08.DefaultContainerName,
Image: "docker.io/example/my-workflow:1.0.0",
Ports: []corev1.ContainerPort{
- {Name: utils.HttpScheme, ContainerPort: 9090},
+ {Name: utils.DefaultServicePortName, ContainerPort: 9090},
Env: []corev1.EnvVar{
{Name: "ENV1", Value: "VALUE_CUSTOM"},
@@ -575,14 +717,6 @@ func TestMergePodSpec_WithServicedPostgreSQL_In_Platform_And_In_Workflow_CR(t *t
Value: "jdbc",
- {
- Value: "false",
- },
- {
- Value: "10000",
- },
assert.Len(t, deployment.Spec.Template.Spec.Containers, 1)
flowContainer, _ := kubeutil.GetContainerByName(v1alpha08.DefaultContainerName, &deployment.Spec.Template.Spec)
@@ -629,3 +763,208 @@ func TestMergePodSpec_WithServicedPostgreSQL_In_Platform_But_Workflow_CR_Not_Req
assert.Equal(t, int32(8080), flowContainer.Ports[0].ContainerPort)
assert.Nil(t, flowContainer.Env)
+func TestDefaultContainer_WithPlatformPersistenceWorkflowWithDefaultProfile(t *testing.T) {
+ workflow := test.GetBaseSonataFlow(t.Name())
+ doTestDefaultContainer_WithPlatformPersistence(t, workflow, true)
+func TestDefaultContainer_WithPlatformPersistenceWorkflowWithPreviewProfile(t *testing.T) {
+ workflow := test.GetBaseSonataFlow(t.Name())
+ workflowproj.SetWorkflowProfile(workflow, metadata.PreviewProfile)
+ doTestDefaultContainer_WithPlatformPersistence(t, workflow, true)
+func TestDefaultContainer_WithPlatformPersistenceWorkflowWithGitOpsProfile(t *testing.T) {
+ workflow := test.GetBaseSonataFlow(t.Name())
+ workflowproj.SetWorkflowProfile(workflow, metadata.GitOpsProfile)
+ doTestDefaultContainer_WithPlatformPersistence(t, workflow, true)
+func TestDefaultContainer_WithPlatformPersistenceWorkflowWithDevProfile(t *testing.T) {
+ workflow := test.GetBaseSonataFlow(t.Name())
+ workflowproj.SetWorkflowProfile(workflow, metadata.DevProfile)
+ doTestDefaultContainer_WithPlatformPersistence(t, workflow, false)
+func doTestDefaultContainer_WithPlatformPersistence(t *testing.T, workflow *v1alpha08.SonataFlow, checkPersistence bool) {
+ platform := &v1alpha08.SonataFlowPlatform{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "foo",
+ Namespace: "default",
+ },
+ Spec: v1alpha08.SonataFlowPlatformSpec{
+ Persistence: &v1alpha08.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &v1alpha08.PlatformPersistencePostgreSQL{
+ SecretRef: v1alpha08.PostgreSQLSecretOptions{
+ Name: "foo_secret",
+ UserKey: "username",
+ PasswordKey: "password",
+ },
+ ServiceRef: &v1alpha08.SQLServiceOptions{
+ Name: "service_name",
+ Namespace: "service_namespace",
+ Port: &postgreSQLPort,
+ DatabaseName: "foo",
+ },
+ },
+ },
+ },
+ }
+ container, err := defaultContainer(workflow, platform)
+ assert.Nil(t, err)
+ assert.NotNil(t, container)
+ assert.Equal(t, "workflow", container.Name)
+ //verify default container port.
+ assert.Equal(t, 1, len(container.Ports))
+ assert.Equal(t, "h2c", container.Ports[0].Name)
+ assert.Equal(t, int32(0), container.Ports[0].HostPort)
+ assert.Equal(t, int32(8080), container.Ports[0].ContainerPort)
+ assert.Equal(t, corev1.Protocol("TCP"), container.Ports[0].Protocol)
+ assert.Equal(t, "", container.Ports[0].HostIP)
+ //verify default container health checks
+ assert.Equal(t, &corev1.Probe{
+ ProbeHandler: corev1.ProbeHandler{
+ Exec: nil,
+ HTTPGet: &corev1.HTTPGetAction{
+ Path: "/q/health/live",
+ Port: intstr.IntOrString{
+ Type: 0,
+ IntVal: 8080,
+ StrVal: "",
+ },
+ Host: "",
+ Scheme: "",
+ HTTPHeaders: nil,
+ },
+ TCPSocket: nil,
+ GRPC: nil,
+ },
+ InitialDelaySeconds: 0,
+ TimeoutSeconds: 3,
+ PeriodSeconds: 15,
+ SuccessThreshold: 0,
+ FailureThreshold: 0,
+ TerminationGracePeriodSeconds: nil,
+ }, container.LivenessProbe)
+ assert.Equal(t, &corev1.Probe{
+ ProbeHandler: corev1.ProbeHandler{
+ Exec: nil,
+ HTTPGet: &corev1.HTTPGetAction{
+ Path: "/q/health/ready",
+ Port: intstr.IntOrString{
+ Type: 0,
+ IntVal: 8080,
+ StrVal: "",
+ },
+ Host: "",
+ Scheme: "",
+ HTTPHeaders: nil,
+ },
+ TCPSocket: nil,
+ GRPC: nil,
+ },
+ InitialDelaySeconds: 0,
+ TimeoutSeconds: 3,
+ PeriodSeconds: 15,
+ SuccessThreshold: 0,
+ FailureThreshold: 0,
+ TerminationGracePeriodSeconds: nil,
+ }, container.ReadinessProbe)
+ assert.Equal(t, &corev1.Probe{
+ ProbeHandler: corev1.ProbeHandler{
+ Exec: nil,
+ HTTPGet: &corev1.HTTPGetAction{
+ Path: "/q/health/started",
+ Port: intstr.IntOrString{
+ Type: 0,
+ IntVal: 8080,
+ StrVal: "",
+ },
+ Host: "",
+ Scheme: "",
+ HTTPHeaders: nil,
+ },
+ TCPSocket: nil,
+ GRPC: nil,
+ },
+ InitialDelaySeconds: 10,
+ TimeoutSeconds: 3,
+ PeriodSeconds: 15,
+ SuccessThreshold: 0,
+ FailureThreshold: 5,
+ TerminationGracePeriodSeconds: nil,
+ }, container.StartupProbe)
+ //verify the persistence configuration is present if requested.
+ if checkPersistence {
+ expectedEnvVars := []corev1.EnvVar{
+ {
+ Value: "",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{Name: "foo_secret"}, Key: "username",
+ },
+ },
+ },
+ {
+ Value: "",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{Name: "foo_secret"}, Key: "password",
+ },
+ },
+ },
+ {
+ Value: "postgresql",
+ },
+ {
+ Value: "jdbc:postgresql://service_name.service_namespace:5432/foo?currentSchema=greeting",
+ },
+ {
+ Value: "jdbc",
+ },
+ }
+ assert.Equal(t, expectedEnvVars, container.Env)
+ } else {
+ //no persistence
+ assert.Nil(t, container.Env)
+ }
+func TestEnsureWorkflowServiceMonitorIsCreatedWhenDeployedAsDeployment(t *testing.T) {
+ workflow := test.GetVetEventSonataFlow(t.Name())
+ assert.Equal(t, workflow.IsKnativeDeployment(), false)
+ serviceMonitor, err := ServiceMonitorCreator(workflow)
+ assert.NoError(t, err)
+ assert.NotNil(t, serviceMonitor)
+ serviceMonitor.SetUID("1")
+ serviceMonitor.SetResourceVersion("1")
+ reflectServiceMonitor := serviceMonitor.(*prometheus.ServiceMonitor)
+ assert.NotNil(t, reflectServiceMonitor)
+ assert.NotNil(t, reflectServiceMonitor.Spec)
+ assert.Equal(t, len(reflectServiceMonitor.Spec.Selector.MatchLabels), 2)
+ assert.Equal(t, reflectServiceMonitor.Spec.Selector.MatchLabels[workflowproj.LabelWorkflow], workflow.Name)
+ assert.Equal(t, reflectServiceMonitor.Spec.Selector.MatchLabels[workflowproj.LabelWorkflowNamespace], workflow.Namespace)
+ assert.Equal(t, reflectServiceMonitor.Spec.Endpoints[0].Port, k8sServicePortName)
+ assert.Equal(t, reflectServiceMonitor.Spec.Endpoints[0].Path, metricsServicePortPath)
+ assert.NotNil(t, reflectServiceMonitor.GetLabels())
+ assert.Equal(t, reflectServiceMonitor.ObjectMeta.Labels, map[string]string{
+ "app": workflow.Name,
+ "sonataflow.org/workflow-app": workflow.Name,
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": workflow.Name,
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator"})
diff --git a/packages/sonataflow-operator/controllers/workflows/constants.go b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence.go
similarity index 63%
rename from packages/sonataflow-operator/controllers/workflows/constants.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence.go
index 4ed4e5a150f..86d2301e5ab 100644
--- a/packages/sonataflow-operator/controllers/workflows/constants.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence.go
@@ -15,13 +15,30 @@
// specific language governing permissions and limitations
// under the License.
-package workflows
+package persistence
+import (
+ "github.com/magiconair/properties"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
const (
QuarkusFlywayMigrateAtStart string = "quarkus.flyway.migrate-at-start"
+ QuarkusDatasourceDBKind string = "quarkus.datasource.db-kind"
QuarkusDatasourceJDBCURL string = "quarkus.datasource.jdbc.url"
KogitoPersistenceType string = "kogito.persistence.type"
JDBCPersistenceType string = "jdbc"
KogitoPersistenceQueryTimeoutMillis string = "kogito.persistence.query.timeout.millis"
KogitoPersistenceProtoMarshaller string = "kogito.persistence.proto.marshaller"
+ PostgreSQLDBKind string = "postgresql"
+// ResolveWorkflowPersistenceProperties returns the set of application properties required for the workflow persistence.
+// Never nil.
+func ResolveWorkflowPersistenceProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (*properties.Properties, error) {
+ if UsesPostgreSQLPersistence(workflow, platform) {
+ return GetPostgreSQLWorkflowProperties(workflow), nil
+ }
+ return properties.NewProperties(), nil
diff --git a/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_suite_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_suite_test.go
new file mode 100644
index 00000000000..087240c54f3
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_suite_test.go
@@ -0,0 +1,30 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package persistence
+import (
+ "testing"
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+func TestPersistence(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Persistence Suite")
diff --git a/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_test.go
new file mode 100644
index 00000000000..40674434311
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/persistence_test.go
@@ -0,0 +1,88 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package persistence
+import (
+ "testing"
+ "github.com/stretchr/testify/assert"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+func TestResolveWorkflowPersistenceProperties_WithWorkflowPersistence(t *testing.T) {
+ workflow := operatorapi.SonataFlow{
+ Spec: operatorapi.SonataFlowSpec{
+ Persistence: &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{},
+ },
+ },
+ }
+ platform := operatorapi.SonataFlowPlatform{}
+ testResolveWorkflowPersistencePropertiesWithPersistence(t, &workflow, &platform)
+func TestResolveWorkflowPersistenceProperties_WithPlatformPersistence(t *testing.T) {
+ workflow := operatorapi.SonataFlow{}
+ platform := operatorapi.SonataFlowPlatform{
+ Spec: operatorapi.SonataFlowPlatformSpec{
+ Persistence: &operatorapi.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PlatformPersistencePostgreSQL{},
+ },
+ },
+ }
+ testResolveWorkflowPersistencePropertiesWithPersistence(t, &workflow, &platform)
+func TestResolveWorkflowPersistenceProperties_WithPlatformPersistenceButBannedInWorkflow(t *testing.T) {
+ workflow := operatorapi.SonataFlow{}
+ workflow.Spec.Persistence = &operatorapi.PersistenceOptionsSpec{}
+ platform := operatorapi.SonataFlowPlatform{
+ Spec: operatorapi.SonataFlowPlatformSpec{
+ Persistence: &operatorapi.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PlatformPersistencePostgreSQL{},
+ },
+ },
+ }
+ props, err := ResolveWorkflowPersistenceProperties(&workflow, &platform)
+ assert.NotNil(t, props)
+ assert.Nil(t, err)
+ assert.Equal(t, 0, props.Len())
+func TestResolveWorkflowPersistenceProperties_WithNoPersistence(t *testing.T) {
+ workflow := operatorapi.SonataFlow{}
+ platform := operatorapi.SonataFlowPlatform{}
+ props, err := ResolveWorkflowPersistenceProperties(&workflow, &platform)
+ assert.NotNil(t, props)
+ assert.Nil(t, err)
+ assert.Equal(t, 0, props.Len())
+func testResolveWorkflowPersistencePropertiesWithPersistence(t *testing.T, workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) {
+ props, err := ResolveWorkflowPersistenceProperties(workflow, platform)
+ assert.Nil(t, err)
+ assert.NotNil(t, props)
+ assert.Equal(t, 3, props.Len())
+ value, _ := props.Get("kogito.persistence.type")
+ assert.Equal(t, "jdbc", value)
+ value, _ = props.Get("quarkus.datasource.db-kind")
+ assert.Equal(t, "postgresql", value)
+ value, _ = props.Get("kogito.persistence.proto.marshaller")
+ assert.Equal(t, "false", value)
diff --git a/packages/sonataflow-operator/controllers/profiles/common/persistence/postgresql.go b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql.go
similarity index 64%
rename from packages/sonataflow-operator/controllers/profiles/common/persistence/postgresql.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql.go
index 96250571214..b81f3d53d73 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/persistence/postgresql.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql.go
@@ -20,30 +20,23 @@ package persistence
import (
+ "github.com/magiconair/properties"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
corev1 "k8s.io/api/core/v1"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
const (
- defaultDatabaseName = "sonataflow"
- timeoutSeconds = 3
- failureThreshold = 5
- initialPeriodSeconds = 15
- initialDelaySeconds = 10
- successThreshold = 1
- postgreSQLCPULimit = "500m"
- postgreSQLMemoryLimit = "256Mi"
- postgreSQLMemoryRequest = "256Mi"
- postgreSQLCPURequest = "100m"
- defaultPostgreSQLUsername = "sonataflow"
- defaultPostgresSQLPassword = "sonataflow"
+ defaultDatabaseName = "sonataflow"
+// ConfigurePostgreSQLEnv returns the common env variables required for the DataIndex or JobsService when postresql persistence is used.
func ConfigurePostgreSQLEnv(postgresql *operatorapi.PersistencePostgreSQL, databaseSchema, databaseNamespace string) []corev1.EnvVar {
dataSourcePort := constants.DefaultPostgreSQLPort
databaseName := defaultDatabaseName
@@ -105,14 +98,6 @@ func ConfigurePostgreSQLEnv(postgresql *operatorapi.PersistencePostgreSQL, datab
Value: "jdbc",
- {
- Value: "false",
- },
- {
- Value: "10000",
- },
@@ -132,6 +117,19 @@ func RetrieveConfiguration(primary *v1alpha08.PersistenceOptionsSpec, platformPe
if platformPersistence == nil {
return nil
+ return buildPersistenceOptionsSpec(platformPersistence, schema)
+// RetrievePostgreSQLConfiguration return the PersistenceOptionsSpec considering that postgresql is the database manager
+// to look for. Gives priority to the primary configuration.
+func RetrievePostgreSQLConfiguration(primary *v1alpha08.PersistenceOptionsSpec, platformPersistence *v1alpha08.PlatformPersistenceOptionsSpec, schema string) *v1alpha08.PersistenceOptionsSpec {
+ if primary != nil && primary.PostgreSQL != nil {
+ return primary
+ }
+ return buildPersistenceOptionsSpec(platformPersistence, schema)
+func buildPersistenceOptionsSpec(platformPersistence *v1alpha08.PlatformPersistenceOptionsSpec, schema string) *v1alpha08.PersistenceOptionsSpec {
c := &v1alpha08.PersistenceOptionsSpec{}
if platformPersistence.PostgreSQL != nil {
c.PostgreSQL = &v1alpha08.PersistencePostgreSQL{
@@ -148,3 +146,27 @@ func RetrieveConfiguration(primary *v1alpha08.PersistenceOptionsSpec, platformPe
return c
+func UsesPostgreSQLPersistence(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) bool {
+ return (workflow.Spec.Persistence != nil && workflow.Spec.Persistence.PostgreSQL != nil) ||
+ (workflow.Spec.Persistence == nil && platform.Spec.Persistence != nil && platform.Spec.Persistence.PostgreSQL != nil)
+// GetPostgreSQLExtensions returns the Quarkus extensions required for postgresql persistence.
+func GetPostgreSQLExtensions() []cfg.GAV {
+ return cfg.GetCfg().PostgreSQLPersistenceExtensions
+// GetPostgreSQLWorkflowProperties returns the set of application properties required for postgresql persistence.
+// Never nil.
+func GetPostgreSQLWorkflowProperties(workflow *operatorapi.SonataFlow) *properties.Properties {
+ props := properties.NewProperties()
+ if !profiles.IsDevProfile(workflow) && !profiles.IsGitOpsProfile(workflow) {
+ // build-time property required by kogito-runtimes to feed flyway build-time settings and package the necessary .sql files.
+ props.Set(QuarkusDatasourceDBKind, PostgreSQLDBKind)
+ // build-time properties for kogito-runtimes to use jdbc
+ props.Set(KogitoPersistenceType, JDBCPersistenceType)
+ props.Set(KogitoPersistenceProtoMarshaller, "false")
+ }
+ return props
diff --git a/packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql_test.go
new file mode 100644
index 00000000000..0a1f43c1218
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/persistence/postgresql_test.go
@@ -0,0 +1,150 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package persistence
+import (
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+const (
+ primaryPostgreSQLJdbc = "jdbc:postgresql://host:port/database?currentSchema=primary-database"
+ platformPostgreSQLJdbc = "jdbc:postgresql://host:port/database?currentSchema=platform-database"
+ schemaName = "my-schema"
+var (
+ primaryPostgreSQLSecret = operatorapi.PostgreSQLSecretOptions{
+ Name: "primary-secret",
+ }
+ primaryPostreSQLService = operatorapi.PostgreSQLServiceOptions{
+ SQLServiceOptions: &operatorapi.SQLServiceOptions{Name: "primary-service"},
+ DatabaseSchema: "primary-schema",
+ }
+ plaformPostgreSQLSecret = operatorapi.PostgreSQLSecretOptions{
+ Name: "platform-secret",
+ }
+ platformPostreSQLService = operatorapi.SQLServiceOptions{
+ Name: "platform-service",
+ }
+var _ = Describe("RetrievePostgreSQLConfiguration", func() {
+ DescribeTable("calculation",
+ func(primary *operatorapi.PersistenceOptionsSpec,
+ platformPersistence *operatorapi.PlatformPersistenceOptionsSpec,
+ schema string,
+ expectedConfig *operatorapi.PersistenceOptionsSpec) {
+ result := RetrievePostgreSQLConfiguration(primary, platformPersistence, schema)
+ Expect(expectedConfig).To(Equal(result))
+ },
+ Entry("primary is postgresql with JdbcUrl", buildPrimaryIsPostgreSQLWithJdbcUrl(),
+ buildPlatformIsPostgreSQLWithJdbcUrl(),
+ schemaName,
+ buildPrimaryIsPostgreSQLWithJdbcUrl()),
+ Entry("primary is postgresql ServiceRef", buildPrimaryIsPostgreSQLWithServiceRef(),
+ buildPlatformIsPostgreSQLWithJdbcUrl(),
+ schemaName,
+ buildPrimaryIsPostgreSQLWithServiceRef()),
+ Entry("primary is nil, platform with JdbcUrl",
+ nil,
+ buildPlatformIsPostgreSQLWithJdbcUrl(),
+ schemaName,
+ &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ SecretRef: plaformPostgreSQLSecret,
+ JdbcUrl: platformPostgreSQLJdbc,
+ },
+ }),
+ Entry("primary is empty, platform with JdbcUrl",
+ &operatorapi.PersistenceOptionsSpec{},
+ buildPlatformIsPostgreSQLWithJdbcUrl(),
+ schemaName,
+ &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ SecretRef: plaformPostgreSQLSecret,
+ JdbcUrl: platformPostgreSQLJdbc,
+ },
+ }),
+ Entry("primary is nil, platform with ServiceRef",
+ nil,
+ buildPlatformIsPostgreSQLWithServiceRef(),
+ schemaName,
+ &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ ServiceRef: &operatorapi.PostgreSQLServiceOptions{
+ SQLServiceOptions: &platformPostreSQLService,
+ DatabaseSchema: schemaName,
+ },
+ SecretRef: plaformPostgreSQLSecret,
+ },
+ }),
+ Entry("primary is empty, platform with ServiceRef",
+ &operatorapi.PersistenceOptionsSpec{},
+ buildPlatformIsPostgreSQLWithServiceRef(),
+ schemaName,
+ &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ ServiceRef: &operatorapi.PostgreSQLServiceOptions{
+ SQLServiceOptions: &platformPostreSQLService,
+ DatabaseSchema: schemaName,
+ },
+ SecretRef: plaformPostgreSQLSecret,
+ },
+ }),
+ )
+func buildPrimaryIsPostgreSQLWithJdbcUrl() *operatorapi.PersistenceOptionsSpec {
+ return &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ JdbcUrl: primaryPostgreSQLJdbc,
+ SecretRef: primaryPostgreSQLSecret,
+ },
+ }
+func buildPrimaryIsPostgreSQLWithServiceRef() *operatorapi.PersistenceOptionsSpec {
+ return &operatorapi.PersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PersistencePostgreSQL{
+ ServiceRef: &primaryPostreSQLService,
+ SecretRef: primaryPostgreSQLSecret,
+ },
+ }
+func buildPlatformIsPostgreSQLWithJdbcUrl() *operatorapi.PlatformPersistenceOptionsSpec {
+ return &operatorapi.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PlatformPersistencePostgreSQL{
+ JdbcUrl: platformPostgreSQLJdbc,
+ SecretRef: plaformPostgreSQLSecret,
+ },
+ }
+func buildPlatformIsPostgreSQLWithServiceRef() *operatorapi.PlatformPersistenceOptionsSpec {
+ return &operatorapi.PlatformPersistenceOptionsSpec{
+ PostgreSQL: &operatorapi.PlatformPersistencePostgreSQL{
+ ServiceRef: &platformPostreSQLService,
+ SecretRef: plaformPostgreSQLSecret,
+ },
+ }
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/discovery.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/discovery.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery.go
index 0d4b746bee1..ac3456f0090 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/discovery.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery.go
@@ -25,11 +25,12 @@ import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
const (
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/discovery_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery_test.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/discovery_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery_test.go
index bdc03750c88..7f3bb26e2c2 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/discovery_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/discovery_test.go
@@ -23,12 +23,13 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
func Test_generateDiscoveryProperties(t *testing.T) {
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/knative.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/knative.go
similarity index 79%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/knative.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/knative.go
index 8d5f327195d..a87ff0580d3 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/knative.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/knative.go
@@ -18,23 +18,29 @@
package properties
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
cncfmodel "github.com/serverlessworkflow/sdk-go/v2/model"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
// generateKnativeEventingWorkflowProperties returns the set of application properties required for the workflow to produce or consume
// Knative Events.
// Never nil.
-func generateKnativeEventingWorkflowProperties(workflow *operatorapi.SonataFlow) (*properties.Properties, error) {
+func generateKnativeEventingWorkflowProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (*properties.Properties, error) {
props := properties.NewProperties()
- if workflow == nil || workflow.Spec.Sink == nil {
+ props.Set(constants.KnativeHealthEnabled, "false")
+ sink, err := knative.GetWorkflowSink(workflow, platform)
+ if err != nil {
+ return nil, err
+ }
+ if workflow == nil || sink == nil {
props.Set(constants.KnativeHealthEnabled, "false")
return props, nil
- // verify ${K_SINK}
props.Set(constants.KnativeHealthEnabled, "true")
if workflowdef.ContainsEventKind(workflow, cncfmodel.EventKindProduced) {
props.Set(constants.KogitoOutgoingEventsConnector, constants.QuarkusHTTP)
@@ -42,11 +48,7 @@ func generateKnativeEventingWorkflowProperties(workflow *operatorapi.SonataFlow)
if workflowdef.ContainsEventKind(workflow, cncfmodel.EventKindConsumed) {
props.Set(constants.KogitoIncomingEventsConnector, constants.QuarkusHTTP)
- var path = "/"
- if workflow.Spec.Sink.URI != nil {
- path = workflow.Spec.Sink.URI.Path
- }
- props.Set(constants.KogitoIncomingEventsPath, path)
+ props.Set(constants.KogitoIncomingEventsPath, "/")
return props, nil
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/managed.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/managed.go
similarity index 72%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/managed.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/managed.go
index 088ab2a4eb5..1587f5440b5 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/managed.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/managed.go
@@ -23,11 +23,17 @@ import (
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/persistence"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
@@ -94,6 +100,10 @@ func (a *managedPropertyHandler) Build() string {
// produce the MicroProfileConfigServiceCatalog properties for the service discovery property values if any.
discoveryProps.Merge(generateDiscoveryProperties(a.ctx, a.catalog, userProps, a.workflow))
+ if profiles.IsDevProfile(a.workflow) && a.requireServiceDiscovery() {
+ // produce dev profile properties that must be calculated at service discovery time.
+ setDevProfileDiscoveryProperties(a.ctx, a.catalog, a.defaultManagedProperties, a.workflow)
+ }
userProps = utils.NewApplicationPropertiesBuilder().
@@ -108,9 +118,9 @@ func (a *managedPropertyHandler) Build() string {
func (a *managedPropertyHandler) withKogitoServiceUrl() ManagedPropertyHandler {
var kogitoServiceUrl string
if len(a.workflow.Namespace) > 0 {
- kogitoServiceUrl = fmt.Sprintf("%s://%s.%s", constants.KogitoServiceURLProtocol, a.workflow.Name, a.workflow.Namespace)
+ kogitoServiceUrl = fmt.Sprintf("%s://%s.%s", constants.DefaultHTTPProtocol, a.workflow.Name, a.workflow.Namespace)
} else {
- kogitoServiceUrl = fmt.Sprintf("%s://%s", constants.KogitoServiceURLProtocol, a.workflow.Name)
+ kogitoServiceUrl = fmt.Sprintf("%s://%s", constants.DefaultHTTPProtocol, a.workflow.Name)
return a.addDefaultManagedProperty(constants.KogitoServiceURLProperty, kogitoServiceUrl)
@@ -119,7 +129,7 @@ func (a *managedPropertyHandler) withKogitoServiceUrl() ManagedPropertyHandler {
// See Service Discovery https://kubernetes.io/docs/concepts/services-networking/service/#dns
func (a *managedPropertyHandler) withKafkaHealthCheckDisabled() ManagedPropertyHandler {
- constants.DataIndexKafkaSmallRyeHealthProperty,
+ constants.DataIndexKafkaHealthCheck,
return a
@@ -146,14 +156,22 @@ func NewManagedPropertyHandler(workflow *operatorapi.SonataFlow, platform *opera
platform: platform,
props := properties.NewProperties()
+ if profiles.IsDevProfile(workflow) {
+ setDevProfileProperties(props)
+ }
+ setControllersConfigProperties(workflow, props)
props.Set(constants.KogitoUserTasksEventsEnabled, "false")
- props.Set(constants.KogitoDataIndexQuarkusDevUICors, "false")
if platform != nil {
p, err := resolvePlatformWorkflowProperties(platform)
if err != nil {
return nil, err
+ p, err = persistence.ResolveWorkflowPersistenceProperties(workflow, platform)
+ if err != nil {
+ return nil, err
+ }
+ props.Merge(p)
p, err = services.GenerateDataIndexWorkflowProperties(workflow, platform)
if err != nil {
return nil, err
@@ -166,7 +184,7 @@ func NewManagedPropertyHandler(workflow *operatorapi.SonataFlow, platform *opera
- p, err := generateKnativeEventingWorkflowProperties(workflow)
+ p, err := generateKnativeEventingWorkflowProperties(workflow, platform)
if err != nil {
return nil, err
@@ -177,6 +195,42 @@ func NewManagedPropertyHandler(workflow *operatorapi.SonataFlow, platform *opera
return handler.withKogitoServiceUrl(), nil
+func setControllersConfigProperties(workflow *operatorapi.SonataFlow, props *properties.Properties) {
+ if !profiles.IsDevProfile(workflow) && cfg.GetCfg().KogitoEventsGrouping {
+ props.Set(constants.KogitoEventsGrouping, "true")
+ if cfg.GetCfg().KogitoEventsGroupingBinary {
+ props.Set(constants.KogitoEventsGroupingBinary, "true")
+ if cfg.GetCfg().KogitoEventsGroupingCompress {
+ props.Set(constants.KogitoEventsGroupingCompress, "true")
+ }
+ }
+ }
+func setDevProfileProperties(props *properties.Properties) {
+ props.Set(constants.QuarkusDevUICorsEnabled, "false")
+func setDevProfileDiscoveryProperties(ctx context.Context, catalog discovery.ServiceCatalog, props *properties.Properties, workflow *operatorapi.SonataFlow) {
+ if utils.IsOpenShift() {
+ // in OpenShift deployments the route is created before the workflow, at this point it can be queried safely.
+ routeUrl, err := catalog.Query(ctx, *discovery.NewResourceUriBuilder(discovery.OpenshiftScheme).
+ Kind("routes").
+ Group("route.openshift.io").
+ Version("v1").
+ Namespace(workflow.Namespace).
+ Name(workflow.Name).
+ Build(),
+ discovery.KubernetesDNSAddress)
+ if err != nil {
+ klog.V(log.E).ErrorS(err, "An error was produced while getting workflow route url. ", "workflow", workflow.Name)
+ } else {
+ props.Set(constants.QuarkusHttpCors, "true")
+ props.Set(constants.QuarkusHttpCorsOrigins, routeUrl)
+ }
+ }
// ApplicationManagedProperties immutable default application properties that can be used with any workflow based on Quarkus.
// Alias for NewManagedPropertyHandler(workflow).Build()
func ApplicationManagedProperties(workflow *operatorapi.SonataFlow, platform *operatorapi.SonataFlowPlatform) (string, error) {
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/managed_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/managed_test.go
similarity index 65%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/managed_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/managed_test.go
index 5b307df8ed5..3da8fed7004 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/managed_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/managed_test.go
@@ -24,14 +24,16 @@ import (
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
@@ -67,14 +69,8 @@ const (
var (
- enabled = true
- disabled = false
- jobServiceDevProperties *properties.Properties
- jobServiceProdProperties *properties.Properties
- dataIndexDevProperties *properties.Properties
- dataIndexProdProperties *properties.Properties
- dataIndexJobServiceDevProperties *properties.Properties
- dataIndexJobServiceProdProperties *properties.Properties
+ enabled = true
+ disabled = false
type mockCatalogService struct {
@@ -111,7 +107,8 @@ func (c *mockCatalogService) Query(ctx context.Context, uri discovery.ResourceUr
func Test_appPropertyHandler_WithKogitoServiceUrl(t *testing.T) {
workflow := test.GetBaseSonataFlow("default")
- props, err := ApplicationManagedProperties(workflow, nil)
+ platform := test.GetBasePlatform()
+ props, err := ApplicationManagedProperties(workflow, platform)
assert.NoError(t, err)
assert.Contains(t, props, constants.KogitoServiceURLProperty)
assert.Contains(t, props, "http://"+workflow.Name+"."+workflow.Namespace)
@@ -121,11 +118,12 @@ func Test_appPropertyHandler_WithUserPropertiesWithNoUserOverrides(t *testing.T)
//just add some user provided properties, no overrides.
userProperties := "property1=value1\nproperty2=value2"
workflow := test.GetBaseSonataFlow("default")
- props, err := NewManagedPropertyHandler(workflow, nil)
+ platform := test.GetBasePlatform()
+ props, err := NewManagedPropertyHandler(workflow, platform)
assert.NoError(t, err)
generatedProps, propsErr := properties.LoadString(props.WithUserProperties(userProperties).Build())
assert.NoError(t, propsErr)
- assert.Equal(t, 8, len(generatedProps.Keys()))
+ assert.Equal(t, 12, len(generatedProps.Keys()))
assert.NotContains(t, "property1", generatedProps.Keys())
assert.NotContains(t, "property2", generatedProps.Keys())
assert.Equal(t, "http://greeting.default", generatedProps.GetString("kogito.service.url", ""))
@@ -134,7 +132,11 @@ func Test_appPropertyHandler_WithUserPropertiesWithNoUserOverrides(t *testing.T)
assert.Equal(t, "false", generatedProps.GetString("quarkus.devservices.enabled", ""))
assert.Equal(t, "false", generatedProps.GetString("quarkus.kogito.devservices.enabled", ""))
assert.Equal(t, "false", generatedProps.GetString(constants.KogitoUserTasksEventsEnabled, ""))
- assert.Equal(t, "false", generatedProps.GetString("%dev.quarkus.dev-ui.cors.enabled", ""))
+ assert.Equal(t, "false", generatedProps.GetString(constants.KogitoProcessDefinitionsEventsEnabled, ""))
+ assert.Equal(t, "false", generatedProps.GetString(constants.KogitoProcessInstancesEventsEnabled, ""))
+ assert.Equal(t, "quarkus-http", generatedProps.GetString("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", ""))
+ assert.Equal(t, "http://localhost/v2/jobs/events", generatedProps.GetString("mp.messaging.outgoing.kogito-job-service-job-request-events.url", ""))
+ assert.Equal(t, "false", generatedProps.GetString("org.kie.kogito.addons.knative.eventing.health-enabled", ""))
func Test_appPropertyHandler_WithUserPropertiesWithServiceDiscovery(t *testing.T) {
@@ -150,7 +152,8 @@ func Test_appPropertyHandler_WithUserPropertiesWithServiceDiscovery(t *testing.T
userProperties = userProperties + "broker2=${knative:brokers.v1.eventing.knative.dev/my-kn-broker2}\n"
workflow := test.GetBaseSonataFlow(defaultNamespace)
- props, err := NewManagedPropertyHandler(workflow, nil)
+ platform := test.GetBasePlatform()
+ props, err := NewManagedPropertyHandler(workflow, platform)
assert.NoError(t, err)
generatedProps, propsErr := properties.LoadString(props.
@@ -158,7 +161,7 @@ func Test_appPropertyHandler_WithUserPropertiesWithServiceDiscovery(t *testing.T
generatedProps.DisableExpansion = true
assert.NoError(t, propsErr)
- assert.Equal(t, 22, len(generatedProps.Keys()))
+ assert.Equal(t, 26, len(generatedProps.Keys()))
assert.NotContains(t, "property1", generatedProps.Keys())
assert.NotContains(t, "property2", generatedProps.Keys())
assertHasProperty(t, generatedProps, "service1", myService1Address)
@@ -184,9 +187,14 @@ func Test_appPropertyHandler_WithUserPropertiesWithServiceDiscovery(t *testing.T
assertHasProperty(t, generatedProps, "quarkus.http.host", "")
assertHasProperty(t, generatedProps, "quarkus.devservices.enabled", "false")
assertHasProperty(t, generatedProps, "quarkus.kogito.devservices.enabled", "false")
- assertHasProperty(t, generatedProps, "quarkus.kogito.devservices.enabled", "false")
- assertHasProperty(t, generatedProps, "%dev.quarkus.dev-ui.cors.enabled", "false")
assertHasProperty(t, generatedProps, constants.KogitoUserTasksEventsEnabled, "false")
+ assertHasProperty(t, generatedProps, "org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ assertHasProperty(t, generatedProps, "kogito.events.processdefinitions.enabled", "false")
+ assertHasProperty(t, generatedProps, "kogito.events.processinstances.enabled", "false")
+ assertHasProperty(t, generatedProps, "kogito.events.usertasks.enabled", "false")
+ assertHasProperty(t, generatedProps, "mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ assertHasProperty(t, generatedProps, "mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
@@ -200,11 +208,15 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
platform.Namespace = ns
platform.Spec = operatorapi.SonataFlowPlatformSpec{
Services: &operatorapi.ServicesPlatformSpec{
- DataIndex: &operatorapi.ServiceSpec{
- Enabled: &enabled,
+ DataIndex: &operatorapi.DataIndexServiceSpec{
+ ServiceSpec: operatorapi.ServiceSpec{
+ Enabled: &enabled,
+ },
- JobService: &operatorapi.ServiceSpec{
- Enabled: &enabled,
+ JobService: &operatorapi.JobServiceServiceSpec{
+ ServiceSpec: operatorapi.ServiceSpec{
+ Enabled: &enabled,
+ },
@@ -233,7 +245,6 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.Equal(t, "", generatedProps.GetString(constants.KogitoProcessInstancesEventsURL, ""))
assert.Equal(t, "false", generatedProps.GetString(constants.KogitoProcessInstancesEventsEnabled, ""))
assert.Equal(t, "false", generatedProps.GetString(constants.KogitoUserTasksEventsEnabled, ""))
- assert.Equal(t, "false", generatedProps.GetString("%dev.quarkus.dev-ui.cors.enabled", ""))
// prod profile enables config of outgoing events url
workflow.SetAnnotations(map[string]string{metadata.Profile: string(metadata.PreviewProfile)})
@@ -245,7 +256,7 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.NoError(t, err)
generatedProps, propsErr = properties.LoadString(props.WithUserProperties(userProperties).Build())
assert.NoError(t, propsErr)
- assert.Equal(t, 18, len(generatedProps.Keys()))
+ assert.Equal(t, 17, len(generatedProps.Keys()))
assert.NotContains(t, "property1", generatedProps.Keys())
assert.NotContains(t, "property2", generatedProps.Keys())
assert.Equal(t, "http://"+platform.Name+"-"+constants.DataIndexServiceName+"."+platform.Namespace+"/definitions", generatedProps.GetString(constants.KogitoProcessDefinitionsEventsURL, ""))
@@ -261,7 +272,6 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.Equal(t, "true", generatedProps.GetString(constants.KogitoDataIndexHealthCheckEnabled, ""))
assert.Equal(t, "http://"+platform.Name+"-"+constants.DataIndexServiceName+"."+platform.Namespace, generatedProps.GetString(constants.KogitoDataIndexURL, ""))
assert.Equal(t, "http://"+platform.Name+"-"+constants.JobServiceName+"."+platform.Namespace, generatedProps.GetString(constants.KogitoJobServiceURL, ""))
- assert.Equal(t, "false", generatedProps.GetString(constants.KogitoDataIndexQuarkusDevUICors, ""))
// disabling data index bypasses config of outgoing events url
platform.Spec.Services.DataIndex.Enabled = nil
@@ -273,7 +283,7 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.NoError(t, err)
generatedProps, propsErr = properties.LoadString(props.WithUserProperties(userProperties).Build())
assert.NoError(t, propsErr)
- assert.Equal(t, 13, len(generatedProps.Keys()))
+ assert.Equal(t, 12, len(generatedProps.Keys()))
assert.NotContains(t, "property1", generatedProps.Keys())
assert.NotContains(t, "property2", generatedProps.Keys())
assert.Equal(t, "", generatedProps.GetString(constants.KogitoProcessDefinitionsEventsURL, ""))
@@ -284,7 +294,6 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.Equal(t, "http://"+platform.Name+"-"+constants.JobServiceName+"."+platform.Namespace+"/v2/jobs/events", generatedProps.GetString(constants.JobServiceRequestEventsURL, ""))
assert.Equal(t, "", generatedProps.GetString(constants.JobServiceStatusChangeEvents, ""))
assert.Equal(t, "", generatedProps.GetString(constants.JobServiceStatusChangeEventsURL, ""))
- assert.Equal(t, "false", generatedProps.GetString(constants.KogitoDataIndexQuarkusDevUICors, ""))
// disabling job service bypasses config of outgoing events url
platform.Spec.Services.JobService.Enabled = nil
@@ -294,7 +303,7 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.NoError(t, err)
generatedProps, propsErr = properties.LoadString(props.WithUserProperties(userProperties).Build())
assert.NoError(t, propsErr)
- assert.Equal(t, 12, len(generatedProps.Keys()))
+ assert.Equal(t, 11, len(generatedProps.Keys()))
assert.NotContains(t, "property1", generatedProps.Keys())
assert.NotContains(t, "property2", generatedProps.Keys())
assert.Equal(t, "", generatedProps.GetString(constants.KogitoProcessDefinitionsEventsURL, ""))
@@ -306,7 +315,100 @@ func Test_appPropertyHandler_WithServicesWithUserOverrides(t *testing.T) {
assert.Equal(t, "", generatedProps.GetString(constants.JobServiceDataSourceReactiveURL, ""))
assert.Equal(t, "", generatedProps.GetString(constants.JobServiceStatusChangeEvents, ""))
assert.Equal(t, "", generatedProps.GetString(constants.JobServiceStatusChangeEventsURL, ""))
- assert.Equal(t, "false", generatedProps.GetString(constants.KogitoDataIndexQuarkusDevUICors, ""))
+type eventsGroupingTestSpec struct {
+ kogitoEventsGrouping bool
+ kogitoEventsGroupingBinary bool
+ kogitoEventsGroupingCompress bool
+ shouldContainEventsGrouping bool
+ shouldContainEventsGroupingBinary bool
+ shouldContainEventsGroupingCompress bool
+func newTestSpec(eventsGrouping bool, eventsGroupingBinary bool, eventsGroupingCompress bool,
+ shouldContainEventsGrouping bool, shouldContainEventsGroupingBinary bool, shouldContainEventsGroupingCompress bool) *eventsGroupingTestSpec {
+ return &eventsGroupingTestSpec{
+ kogitoEventsGrouping: eventsGrouping,
+ kogitoEventsGroupingBinary: eventsGroupingBinary,
+ kogitoEventsGroupingCompress: eventsGroupingCompress,
+ shouldContainEventsGrouping: shouldContainEventsGrouping,
+ shouldContainEventsGroupingBinary: shouldContainEventsGroupingBinary,
+ shouldContainEventsGroupingCompress: shouldContainEventsGroupingCompress,
+ }
+func Test_appPropertyHandler_KogitoEventsGroupingTrueWithDevProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.DevProfile, newTestSpec(false, false, false, false, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueWithPreviewProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.PreviewProfile, newTestSpec(true, false, false, true, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueWithGitOpsProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.GitOpsProfile, newTestSpec(true, false, false, true, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingFalseWithDevProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.DevProfile, newTestSpec(false, false, false, false, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingFalseWithPreviewProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.PreviewProfile, newTestSpec(false, false, false, false, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueBinaryTrueCompressFalseWithPreviewProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.PreviewProfile, newTestSpec(true, true, false, true, true, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueBinaryTrueCompressTrueWithPreviewProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.PreviewProfile, newTestSpec(true, true, true, true, true, true))
+func Test_appPropertyHandler_KogitoEventsGroupingFalseWithGitOpsProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.GitOpsProfile, newTestSpec(false, false, false, false, false, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueBinaryTrueCompressFalseWithGitOpsProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.GitOpsProfile, newTestSpec(true, true, false, true, true, false))
+func Test_appPropertyHandler_KogitoEventsGroupingTrueBinaryTrueCompressTrueWithGitOpsProfile(t *testing.T) {
+ doTestManagedPropsForKogitoEventsGrouping(t, metadata.GitOpsProfile, newTestSpec(true, true, true, true, true, true))
+func doTestManagedPropsForKogitoEventsGrouping(t *testing.T, profile metadata.ProfileType, testSpec *eventsGroupingTestSpec) {
+ currentKogitoEventGroupingValue := cfg.GetCfg().KogitoEventsGrouping
+ currentKogitoEventGroupingBinaryValue := cfg.GetCfg().KogitoEventsGroupingBinary
+ currentKogitoEventGroupingCompressValue := cfg.GetCfg().KogitoEventsGroupingCompress
+ cfg.GetCfg().KogitoEventsGrouping = testSpec.kogitoEventsGrouping
+ cfg.GetCfg().KogitoEventsGroupingBinary = testSpec.kogitoEventsGroupingBinary
+ cfg.GetCfg().KogitoEventsGroupingCompress = testSpec.kogitoEventsGroupingCompress
+ workflow := test.GetBaseSonataFlow("default")
+ setProfileInFlow(profile)(workflow)
+ platform := test.GetBasePlatform()
+ handler, err := NewManagedPropertyHandler(workflow, platform)
+ cfg.GetCfg().KogitoEventsGrouping = currentKogitoEventGroupingValue
+ cfg.GetCfg().KogitoEventsGroupingBinary = currentKogitoEventGroupingBinaryValue
+ cfg.GetCfg().KogitoEventsGroupingCompress = currentKogitoEventGroupingCompressValue
+ assert.NoError(t, err)
+ generatedProps, propsErr := properties.LoadString(handler.Build())
+ assert.NoError(t, propsErr)
+ if testSpec.shouldContainEventsGrouping {
+ assertHasProperty(t, generatedProps, "kogito.events.grouping", "true")
+ } else {
+ assert.NotContains(t, generatedProps.Keys(), "kogito.events.grouping")
+ }
+ if testSpec.shouldContainEventsGroupingBinary {
+ assertHasProperty(t, generatedProps, "kogito.events.grouping.binary", "true")
+ } else {
+ assert.NotContains(t, generatedProps.Keys(), "kogito.events.grouping.binary", "true")
+ }
+ if testSpec.shouldContainEventsGroupingCompress {
+ assertHasProperty(t, generatedProps, "kogito.events.grouping.compress", "true")
+ } else {
+ assert.NotContains(t, generatedProps.Keys(), "kogito.events.grouping.compress", "true")
+ }
var _ = Describe("Platform properties", func() {
@@ -332,7 +434,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field set to false and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&disabled), setPlatformNamespace("default"), setPlatformName("foo")),
- generateJobServiceWorkflowDevProperties()),
+ generateJobServiceWorkflowProductionWithJobServiceDisabled()),
Entry("has enabled field undefined and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(nil), setPlatformNamespace("default"), setPlatformName("foo")),
@@ -340,7 +442,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field undefined and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(nil), setPlatformNamespace("default"), setPlatformName("foo")),
- generateJobServiceWorkflowDevProperties()),
+ generateJobServiceWorkflowProductionWithJobServiceDisabled()),
Entry("has enabled field set to true and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&enabled), setPlatformName("foo"), setPlatformNamespace("default")),
@@ -356,11 +458,11 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field set to false and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&disabled), setPlatformName("foo"), setPlatformNamespace("default")),
- generateJobServiceWorkflowDevProperties()),
+ generateJobServiceWorkflowProductionWithJobServiceDisabled()),
Entry("has enabled field undefined and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(nil), setPlatformName("foo"), setPlatformNamespace("default")),
- generateJobServiceWorkflowDevProperties()),
+ generateJobServiceWorkflowProductionWithJobServiceDisabled()),
DescribeTable("only data index service when the spec",
@@ -380,7 +482,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field set to false and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(&disabled), setPlatformNamespace("default"), setPlatformName("foo")),
- generateDataIndexWorkflowDevProperties()),
+ generateDataIndexWorkflowProductionPropertiesWithDataIndexDisabled()),
Entry("has enabled field undefined and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(nil), setPlatformNamespace("default"), setPlatformName("foo")),
@@ -388,7 +490,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field undefined and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(nil), setPlatformNamespace("default"), setPlatformName("foo")),
- generateDataIndexWorkflowDevProperties()),
+ generateDataIndexWorkflowProductionPropertiesWithDataIndexDisabled()),
Entry("has enabled field set to true and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(&enabled), setPlatformNamespace("default"), setPlatformName("foo")),
@@ -400,7 +502,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field set to false and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(&disabled), setPlatformNamespace("default"), setPlatformName("foo")),
- generateDataIndexWorkflowDevProperties()),
+ generateDataIndexWorkflowProductionPropertiesWithDataIndexDisabled()),
Entry("has enabled field set to true and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(&enabled), setPlatformNamespace("default"), setPlatformName("foo")),
@@ -408,7 +510,7 @@ var _ = Describe("Platform properties", func() {
Entry("has enabled field undefined and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setDataIndexEnabledValue(nil), setPlatformNamespace("default"), setPlatformName("foo")),
- generateDataIndexWorkflowDevProperties()),
+ generateDataIndexWorkflowProductionPropertiesWithDataIndexDisabled()),
DescribeTable("both Data Index and Job Services are available and", func(wf *operatorapi.SonataFlow, plfm *operatorapi.SonataFlowPlatform, expectedProperties *properties.Properties) {
@@ -427,7 +529,7 @@ var _ = Describe("Platform properties", func() {
Entry("both are undefined and workflow in prod profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setPlatformNamespace("default"), setPlatformName("foo")),
- generateDataIndexAndJobServiceWorkflowDevProperties()),
+ generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled()),
Entry("both have enabled field set to true and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&enabled), setDataIndexEnabledValue(&enabled), setPlatformName("foo"), setPlatformNamespace("default")),
@@ -443,7 +545,7 @@ var _ = Describe("Platform properties", func() {
Entry("both have enabled field undefined and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(nil), setDataIndexEnabledValue(nil), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
- generateDataIndexAndJobServiceWorkflowDevProperties()),
+ generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled()),
Entry("both have enabled field set to false and workflow with dev profile",
generateFlow(setProfileInFlow(metadata.DevProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&disabled), setDataIndexEnabledValue(&disabled), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
@@ -451,11 +553,11 @@ var _ = Describe("Platform properties", func() {
Entry("both have enabled field set to false and workflow with production profile",
generateFlow(setProfileInFlow(metadata.PreviewProfile), setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&disabled), setDataIndexEnabledValue(&disabled), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
- generateDataIndexAndJobServiceWorkflowDevProperties()),
+ generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled()),
Entry("both have enabled field set to false and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&disabled), setDataIndexEnabledValue(&disabled), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
- generateDataIndexAndJobServiceWorkflowDevProperties()),
+ generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled()),
Entry("both have enabled field set to true and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(&enabled), setDataIndexEnabledValue(&enabled), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
@@ -463,7 +565,7 @@ var _ = Describe("Platform properties", func() {
Entry("both have enabled field undefined and workflow with no profile",
generateFlow(setWorkflowName("foo"), setWorkflowNamespace("default")),
generatePlatform(setJobServiceEnabledValue(nil), setDataIndexEnabledValue(&disabled), setPlatformName("foo"), setPlatformNamespace("default"), setJobServiceJDBC("jdbc:postgresql://postgres:5432/sonataflow?currentSchema=myschema")),
- generateDataIndexAndJobServiceWorkflowDevProperties()),
+ generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled()),
@@ -471,135 +573,173 @@ var _ = Describe("Platform properties", func() {
func generateJobServiceWorkflowDevProperties() *properties.Properties {
- if jobServiceDevProperties == nil {
- jobServiceDevProperties = properties.NewProperties()
- jobServiceDevProperties.Set("kogito.service.url", "http://foo.default")
- jobServiceDevProperties.Set("quarkus.http.host", "")
- jobServiceDevProperties.Set("quarkus.http.port", "8080")
- jobServiceDevProperties.Set("quarkus.devservices.enabled", "false")
- jobServiceDevProperties.Set("quarkus.kogito.devservices.enabled", "false")
- jobServiceDevProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- jobServiceDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
- jobServiceDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- jobServiceDevProperties.Set("kogito.events.processdefinitions.enabled", "false")
- jobServiceDevProperties.Set("kogito.events.processinstances.enabled", "false")
- jobServiceDevProperties.Set("kogito.events.usertasks.enabled", "false")
- jobServiceDevProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- jobServiceDevProperties.Sort()
- }
- return jobServiceDevProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Set("quarkus.dev-ui.cors.enabled", "false")
+ props.Sort()
+ return props
+func generateJobServiceWorkflowProductionWithJobServiceDisabled() *properties.Properties {
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Sort()
+ return props
func generateJobServiceWorkflowProductionProperties() *properties.Properties {
- if jobServiceProdProperties == nil {
- jobServiceProdProperties = properties.NewProperties()
- jobServiceProdProperties.Set("kogito.service.url", "http://foo.default")
- jobServiceProdProperties.Set("kogito.jobs-service.url", "http://foo-jobs-service.default")
- jobServiceProdProperties.Set("quarkus.http.host", "")
- jobServiceProdProperties.Set("quarkus.http.port", "8080")
- jobServiceProdProperties.Set("quarkus.kogito.devservices.enabled", "false")
- jobServiceProdProperties.Set("quarkus.devservices.enabled", "false")
- jobServiceProdProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- jobServiceProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- jobServiceProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://foo-jobs-service.default/v2/jobs/events")
- jobServiceProdProperties.Set("kogito.events.processdefinitions.enabled", "false")
- jobServiceProdProperties.Set("kogito.events.processinstances.enabled", "false")
- jobServiceProdProperties.Set("kogito.events.usertasks.enabled", "false")
- jobServiceProdProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- jobServiceProdProperties.Sort()
- }
- return jobServiceProdProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("kogito.jobs-service.url", "http://foo-jobs-service.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://foo-jobs-service.default/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Sort()
+ return props
func generateDataIndexWorkflowDevProperties() *properties.Properties {
- if dataIndexDevProperties == nil {
- dataIndexDevProperties = properties.NewProperties()
- dataIndexDevProperties.Set("kogito.service.url", "http://foo.default")
- dataIndexDevProperties.Set("quarkus.http.host", "")
- dataIndexDevProperties.Set("quarkus.http.port", "8080")
- dataIndexDevProperties.Set("quarkus.devservices.enabled", "false")
- dataIndexDevProperties.Set("quarkus.kogito.devservices.enabled", "false")
- dataIndexDevProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- dataIndexDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- dataIndexDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
- dataIndexDevProperties.Set("kogito.events.processdefinitions.enabled", "false")
- dataIndexDevProperties.Set("kogito.events.processinstances.enabled", "false")
- dataIndexDevProperties.Set("kogito.events.usertasks.enabled", "false")
- dataIndexDevProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- dataIndexDevProperties.Sort()
- }
- return dataIndexDevProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Set("quarkus.dev-ui.cors.enabled", "false")
+ props.Sort()
+ return props
+func generateDataIndexWorkflowProductionPropertiesWithDataIndexDisabled() *properties.Properties {
+ props := properties.NewProperties()
+ props = properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Sort()
+ return props
func generateDataIndexWorkflowProductionProperties() *properties.Properties {
- if dataIndexProdProperties == nil {
- dataIndexProdProperties = properties.NewProperties()
- dataIndexProdProperties.Set("kogito.service.url", "http://foo.default")
- dataIndexProdProperties.Set("kogito.data-index.url", "http://foo-data-index-service.default")
- dataIndexProdProperties.Set("kogito.data-index.health-enabled", "true")
- dataIndexProdProperties.Set("quarkus.http.host", "")
- dataIndexProdProperties.Set("quarkus.http.port", "8080")
- dataIndexProdProperties.Set("quarkus.devservices.enabled", "false")
- dataIndexProdProperties.Set("quarkus.kogito.devservices.enabled", "false")
- dataIndexProdProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- dataIndexProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- dataIndexProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
- dataIndexProdProperties.Set("mp.messaging.outgoing.kogito-processdefinitions-events.url", "http://foo-data-index-service.default/definitions")
- dataIndexProdProperties.Set("mp.messaging.outgoing.kogito-processinstances-events.url", "http://foo-data-index-service.default/processes")
- dataIndexProdProperties.Set("kogito.events.processdefinitions.enabled", "true")
- dataIndexProdProperties.Set("kogito.events.processdefinitions.errors.propagate", "true")
- dataIndexProdProperties.Set("kogito.events.processinstances.enabled", "true")
- dataIndexProdProperties.Set("kogito.events.usertasks.enabled", "false")
- dataIndexProdProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- dataIndexProdProperties.Sort()
- }
- return dataIndexProdProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("kogito.data-index.url", "http://foo-data-index-service.default")
+ props.Set("kogito.data-index.health-enabled", "true")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("mp.messaging.outgoing.kogito-processdefinitions-events.url", "http://foo-data-index-service.default/definitions")
+ props.Set("mp.messaging.outgoing.kogito-processinstances-events.url", "http://foo-data-index-service.default/processes")
+ props.Set("kogito.events.processdefinitions.enabled", "true")
+ props.Set("kogito.events.processdefinitions.errors.propagate", "true")
+ props.Set("kogito.events.processinstances.enabled", "true")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Sort()
+ return props
func generateDataIndexAndJobServiceWorkflowDevProperties() *properties.Properties {
- if dataIndexJobServiceDevProperties == nil {
- dataIndexJobServiceDevProperties = properties.NewProperties()
- dataIndexJobServiceDevProperties.Set("kogito.service.url", "http://foo.default")
- dataIndexJobServiceDevProperties.Set("quarkus.http.host", "")
- dataIndexJobServiceDevProperties.Set("quarkus.http.port", "8080")
- dataIndexJobServiceDevProperties.Set("quarkus.kogito.devservices.enabled", "false")
- dataIndexJobServiceDevProperties.Set("quarkus.devservices.enabled", "false")
- dataIndexJobServiceDevProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- dataIndexJobServiceDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- dataIndexJobServiceDevProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
- dataIndexJobServiceDevProperties.Set("kogito.events.processdefinitions.enabled", "false")
- dataIndexJobServiceDevProperties.Set("kogito.events.processinstances.enabled", "false")
- dataIndexJobServiceDevProperties.Set("kogito.events.usertasks.enabled", "false")
- dataIndexJobServiceDevProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- dataIndexJobServiceDevProperties.Sort()
- }
- return dataIndexJobServiceDevProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Set("quarkus.dev-ui.cors.enabled", "false")
+ props.Sort()
+ return props
+func generateDataIndexAndJobServiceWorkflowProductionDataIndexAndJobsServiceDisabled() *properties.Properties {
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://localhost/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "false")
+ props.Set("kogito.events.processinstances.enabled", "false")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Sort()
+ return props
func generateDataIndexAndJobServiceWorkflowProductionProperties() *properties.Properties {
- if dataIndexJobServiceProdProperties == nil {
- dataIndexJobServiceProdProperties = properties.NewProperties()
- dataIndexJobServiceProdProperties.Set("kogito.service.url", "http://foo.default")
- dataIndexJobServiceProdProperties.Set("kogito.data-index.url", "http://foo-data-index-service.default")
- dataIndexJobServiceProdProperties.Set("kogito.data-index.health-enabled", "true")
- dataIndexJobServiceProdProperties.Set("kogito.jobs-service.url", "http://foo-jobs-service.default")
- dataIndexJobServiceProdProperties.Set("quarkus.http.host", "")
- dataIndexJobServiceProdProperties.Set("quarkus.http.port", "8080")
- dataIndexJobServiceProdProperties.Set("quarkus.kogito.devservices.enabled", "false")
- dataIndexJobServiceProdProperties.Set("quarkus.devservices.enabled", "false")
- dataIndexJobServiceProdProperties.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
- dataIndexJobServiceProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
- dataIndexJobServiceProdProperties.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://foo-jobs-service.default/v2/jobs/events")
- dataIndexJobServiceProdProperties.Set("kogito.events.processdefinitions.enabled", "true")
- dataIndexJobServiceProdProperties.Set("kogito.events.processdefinitions.errors.propagate", "true")
- dataIndexJobServiceProdProperties.Set("kogito.events.processinstances.enabled", "true")
- dataIndexJobServiceProdProperties.Set("kogito.events.usertasks.enabled", "false")
- dataIndexJobServiceProdProperties.Set("mp.messaging.outgoing.kogito-processdefinitions-events.url", "http://foo-data-index-service.default/definitions")
- dataIndexJobServiceProdProperties.Set("mp.messaging.outgoing.kogito-processinstances-events.url", "http://foo-data-index-service.default/processes")
- dataIndexJobServiceProdProperties.Set("%dev.quarkus.dev-ui.cors.enabled", "false")
- dataIndexJobServiceProdProperties.Sort()
- }
- return dataIndexJobServiceProdProperties
+ props := properties.NewProperties()
+ props.Set("kogito.service.url", "http://foo.default")
+ props.Set("kogito.data-index.url", "http://foo-data-index-service.default")
+ props.Set("kogito.data-index.health-enabled", "true")
+ props.Set("kogito.jobs-service.url", "http://foo-jobs-service.default")
+ props.Set("quarkus.http.host", "")
+ props.Set("quarkus.http.port", "8080")
+ props.Set("quarkus.kogito.devservices.enabled", "false")
+ props.Set("quarkus.devservices.enabled", "false")
+ props.Set("org.kie.kogito.addons.knative.eventing.health-enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.connector", "quarkus-http")
+ props.Set("mp.messaging.outgoing.kogito-job-service-job-request-events.url", "http://foo-jobs-service.default/v2/jobs/events")
+ props.Set("kogito.events.processdefinitions.enabled", "true")
+ props.Set("kogito.events.processdefinitions.errors.propagate", "true")
+ props.Set("kogito.events.processinstances.enabled", "true")
+ props.Set("kogito.events.usertasks.enabled", "false")
+ props.Set("mp.messaging.outgoing.kogito-processdefinitions-events.url", "http://foo-data-index-service.default/definitions")
+ props.Set("mp.messaging.outgoing.kogito-processinstances-events.url", "http://foo-data-index-service.default/processes")
+ props.Sort()
+ return props
type wfOptionFn func(wf *operatorapi.SonataFlow)
@@ -649,7 +789,7 @@ func setJobServiceEnabledValue(v *bool) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.JobService == nil {
- p.Spec.Services.JobService = &operatorapi.ServiceSpec{}
+ p.Spec.Services.JobService = &operatorapi.JobServiceServiceSpec{}
p.Spec.Services.JobService.Enabled = v
@@ -661,7 +801,7 @@ func setDataIndexEnabledValue(v *bool) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.DataIndex == nil {
- p.Spec.Services.DataIndex = &operatorapi.ServiceSpec{}
+ p.Spec.Services.DataIndex = &operatorapi.DataIndexServiceSpec{}
p.Spec.Services.DataIndex.Enabled = v
@@ -685,7 +825,7 @@ func setJobServiceJDBC(jdbc string) plfmOptionFn {
p.Spec.Services = &operatorapi.ServicesPlatformSpec{}
if p.Spec.Services.JobService == nil {
- p.Spec.Services.JobService = &operatorapi.ServiceSpec{}
+ p.Spec.Services.JobService = &operatorapi.JobServiceServiceSpec{}
if p.Spec.Services.JobService.Persistence == nil {
p.Spec.Services.JobService.Persistence = &operatorapi.PersistenceOptionsSpec{}
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/platform.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/platform.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/platform.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/platform.go
index f629f63f8a7..c6176e09336 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/platform.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/platform.go
@@ -20,15 +20,16 @@ package properties
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
func resolvePlatformWorkflowProperties(platform *operatorapi.SonataFlowPlatform) (*properties.Properties, error) {
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/platform_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/platform_test.go
similarity index 91%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/platform_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/platform_test.go
index 3606aac9fff..24ebc594319 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/properties/platform_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/properties/platform_test.go
@@ -20,12 +20,12 @@ package properties
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
func Test_resolvePlatformWorkflowProperties(t *testing.T) {
@@ -67,8 +67,7 @@ func Test_resolvePlatformWorkflowProperties(t *testing.T) {
- client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(platform, secret, cm).WithStatusSubresource(platform).Build()
- utils.SetClient(client)
+ _ = test.NewSonataFlowClientBuilder().WithRuntimeObjects(platform, secret, cm).WithStatusSubresource(platform).Build()
props, err := resolvePlatformWorkflowProperties(platform)
assert.NoError(t, err)
@@ -109,8 +108,7 @@ func Test_resolvePlatformWorkflowProperties_RefNotFound(t *testing.T) {
- client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(platform).WithStatusSubresource(platform).Build()
- utils.SetClient(client)
+ _ = test.NewSonataFlowClientBuilder().WithRuntimeObjects(platform).WithStatusSubresource(platform).Build()
props, err := resolvePlatformWorkflowProperties(platform)
assert.NoError(t, err)
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/properties_suite_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/properties_suite_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/properties_suite_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/properties_suite_test.go
diff --git a/packages/sonataflow-operator/controllers/profiles/common/properties/properties_test.go b/packages/sonataflow-operator/internal/controller/profiles/common/properties/properties_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/profiles/common/properties/properties_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/properties/properties_test.go
diff --git a/packages/sonataflow-operator/controllers/profiles/common/reconciler.go b/packages/sonataflow-operator/internal/controller/profiles/common/reconciler.go
similarity index 89%
rename from packages/sonataflow-operator/controllers/profiles/common/reconciler.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/reconciler.go
index 97099e5389b..e3967d8cfc4 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/reconciler.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/reconciler.go
@@ -23,20 +23,22 @@ import (
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
- "k8s.io/klog/v2"
+ klog "k8s.io/klog/v2"
ctrl "sigs.k8s.io/controller-runtime"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
@@ -56,7 +58,17 @@ func (s *StateSupport) PerformStatusUpdate(ctx context.Context, workflow *operat
return false, err
workflow.Status.ObservedGeneration = workflow.Generation
+ workflow.Status.FlowCRC, err = utils.Crc32Checksum(workflow.Spec.Flow)
+ if err != nil {
+ return false, err
+ }
services.SetServiceUrlsInWorkflowStatus(pl, workflow)
+ if workflow.Status.Platform == nil {
+ workflow.Status.Platform = &operatorapi.SonataFlowPlatformRef{}
+ }
+ workflow.Status.Platform.Name = pl.Name
+ workflow.Status.Platform.Namespace = pl.Namespace
if err = s.C.Status().Update(ctx, workflow); err != nil {
klog.V(log.E).ErrorS(err, "Failed to update Workflow status")
return false, err
diff --git a/packages/sonataflow-operator/controllers/profiles/common/status_enricher.go b/packages/sonataflow-operator/internal/controller/profiles/common/status_enricher.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/profiles/common/status_enricher.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/status_enricher.go
diff --git a/packages/sonataflow-operator/controllers/profiles/common/variables/k8s.go b/packages/sonataflow-operator/internal/controller/profiles/common/variables/k8s.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/profiles/common/variables/k8s.go
rename to packages/sonataflow-operator/internal/controller/profiles/common/variables/k8s.go
index c32897c0163..8c2ee4d11e1 100644
--- a/packages/sonataflow-operator/controllers/profiles/common/variables/k8s.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/common/variables/k8s.go
@@ -18,8 +18,9 @@
package variables
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
var (
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev.go b/packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev.go
index 35c6b747f8b..ebdc637e03e 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev.go
@@ -22,16 +22,17 @@ package dev
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
@@ -51,6 +52,7 @@ func serviceCreator(workflow *operatorapi.SonataFlow) (client.Object, error) {
func deploymentCreator(workflow *operatorapi.SonataFlow, plf *operatorapi.SonataFlowPlatform) (client.Object, error) {
obj, err := common.DeploymentCreator(workflow, plf)
if err != nil {
return nil, err
@@ -90,8 +92,7 @@ func deploymentMutateVisitor(workflow *operatorapi.SonataFlow, plf *operatorapi.
if err != nil {
return err
- common.EnsureDeployment(original.(*appsv1.Deployment), object.(*appsv1.Deployment))
- return nil
+ return common.EnsureDeployment(original.(*appsv1.Deployment), object.(*appsv1.Deployment))
@@ -155,7 +156,7 @@ func mountDevConfigMapsMutateVisitor(workflow *operatorapi.SonataFlow, flowDefCM
if len(deployment.Spec.Template.Spec.Containers[flowContainerIdx].VolumeMounts) == 0 {
deployment.Spec.Template.Spec.Containers[flowContainerIdx].VolumeMounts = make([]corev1.VolumeMount, 0, len(volumeMounts))
- kubeutil.AddOrReplaceVolumeMount(flowContainerIdx, &deployment.Spec.Template.Spec, volumeMounts...)
+ kubeutil.AddOrReplaceVolumeMount(&deployment.Spec.Template.Spec.Containers[flowContainerIdx], volumeMounts...)
return nil
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev_test.go b/packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev_test.go
similarity index 80%
rename from packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev_test.go
index b8d2ce786be..f9463baad50 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/object_creators_dev_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/object_creators_dev_test.go
@@ -43,5 +43,13 @@ func Test_ensureWorkflowDevServiceIsExposed(t *testing.T) {
assert.Equal(t, reflectService.Spec.Type, v1.ServiceTypeNodePort)
assert.NotNil(t, reflectService.ObjectMeta)
assert.NotNil(t, reflectService.ObjectMeta.Labels)
- assert.Equal(t, reflectService.ObjectMeta.Labels, map[string]string{"test": "test", "app": "greeting", "sonataflow.org/workflow-app": "greeting"})
+ assert.Equal(t, reflectService.ObjectMeta.Labels, map[string]string{
+ "app": "greeting",
+ "test": "test",
+ "sonataflow.org/workflow-app": "greeting",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "greeting",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator",
+ })
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/profile_dev.go b/packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev.go
similarity index 93%
rename from packages/sonataflow-operator/controllers/profiles/dev/profile_dev.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev.go
index 58343e982a3..93f875825a9 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/profile_dev.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev.go
@@ -20,15 +20,16 @@
package dev
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
@@ -78,6 +79,7 @@ func newObjectEnsurers(support *common.StateSupport) *objectEnsurers {
return &objectEnsurers{
deployment: common.NewObjectEnsurerWithPlatform(support.C, deploymentCreator),
service: common.NewObjectEnsurer(support.C, serviceCreator),
+ serviceMonitor: common.NewObjectEnsurer(support.C, common.ServiceMonitorCreator),
network: common.NewNoopObjectEnsurer(),
definitionConfigMap: common.NewObjectEnsurer(support.C, workflowDefConfigMapCreator),
userPropsConfigMap: common.NewObjectEnsurer(support.C, common.UserPropsConfigMapCreator),
@@ -89,6 +91,7 @@ func newObjectEnsurersOpenShift(support *common.StateSupport) *objectEnsurers {
return &objectEnsurers{
deployment: common.NewObjectEnsurerWithPlatform(support.C, deploymentCreator),
service: common.NewObjectEnsurer(support.C, serviceCreator),
+ serviceMonitor: common.NewObjectEnsurer(support.C, common.ServiceMonitorCreator),
network: common.NewObjectEnsurer(support.C, common.OpenShiftRouteCreator),
definitionConfigMap: common.NewObjectEnsurer(support.C, workflowDefConfigMapCreator),
userPropsConfigMap: common.NewObjectEnsurer(support.C, common.UserPropsConfigMapCreator),
@@ -111,6 +114,7 @@ func newStatusEnrichersOpenShift(support *common.StateSupport) *statusEnrichers
type objectEnsurers struct {
deployment common.ObjectEnsurerWithPlatform
service common.ObjectEnsurer
+ serviceMonitor common.ObjectEnsurer
network common.ObjectEnsurer
definitionConfigMap common.ObjectEnsurer
userPropsConfigMap common.ObjectEnsurer
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/profile_dev_test.go b/packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev_test.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/profiles/dev/profile_dev_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev_test.go
index ba2aa11a7ba..78f50629258 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/profile_dev_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/profile_dev_test.go
@@ -24,23 +24,24 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
@@ -59,6 +60,8 @@ func Test_OverrideStartupProbe(t *testing.T) {
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow).WithStatusSubresource(workflow).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
result, err := devReconciler.Reconcile(context.TODO(), workflow)
@@ -85,7 +88,7 @@ func Test_recoverFromFailureNoDeployment(t *testing.T) {
workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentFailureReason, "")
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow).WithStatusSubresource(workflow).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
reconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
// we are in failed state and have no objects
@@ -126,6 +129,7 @@ func Test_newDevProfile(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow).WithStatusSubresource(workflow).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
@@ -208,6 +212,8 @@ func Test_newDevProfile(t *testing.T) {
func Test_devProfileImageDefaultsNoPlatform(t *testing.T) {
workflow := test.GetBaseSonataFlowWithDevProfile(t.Name())
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow).WithStatusSubresource(workflow).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
result, err := devReconciler.Reconcile(context.TODO(), workflow)
@@ -225,6 +231,8 @@ func Test_devProfileWithImageSnapshotOverrideWithPlatform(t *testing.T) {
platform := test.GetBasePlatformWithDevBaseImageInReadyPhase(workflow.Namespace)
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow, platform).WithStatusSubresource(workflow, platform).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
result, err := devReconciler.Reconcile(context.TODO(), workflow)
@@ -233,7 +241,7 @@ func Test_devProfileWithImageSnapshotOverrideWithPlatform(t *testing.T) {
// check if the objects have been created
deployment := test.MustGetDeployment(t, client, workflow)
- assert.Equal(t, "docker.io/customgroup/custom-swf-builder:42.43.7", deployment.Spec.Template.Spec.Containers[0].Image)
+ assert.Equal(t, "docker.io/customgroup/custom-swf-builder-nightly:42.43.7", deployment.Spec.Template.Spec.Containers[0].Image)
func Test_devProfileWithWPlatformWithoutDevBaseImageAndWithBaseImage(t *testing.T) {
@@ -242,6 +250,8 @@ func Test_devProfileWithWPlatformWithoutDevBaseImageAndWithBaseImage(t *testing.
platform := test.GetBasePlatformWithBaseImageInReadyPhase(workflow.Namespace)
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow, platform).WithStatusSubresource(workflow, platform).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
result, err := devReconciler.Reconcile(context.TODO(), workflow)
@@ -259,6 +269,8 @@ func Test_devProfileWithPlatformWithoutDevBaseImageAndWithoutBaseImage(t *testin
platform := test.GetBasePlatformInReadyPhase(workflow.Namespace)
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow, platform).WithStatusSubresource(workflow, platform).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
result, err := devReconciler.Reconcile(context.TODO(), workflow)
@@ -277,6 +289,7 @@ func Test_newDevProfileWithExternalConfigMaps(t *testing.T) {
operatorapi.ConfigMapWorkflowResource{ConfigMap: corev1.LocalObjectReference{Name: configmapName}, WorkflowPath: "routes"})
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow).WithStatusSubresource(workflow).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
@@ -391,6 +404,7 @@ func Test_VolumeWithCapitalizedPaths(t *testing.T) {
workflow := test.GetSonataFlow(test.SonataFlowGreetingsWithStaticResourcesCR, t.Name())
client := test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow, configMap).WithStatusSubresource(workflow, configMap).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
devReconciler := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder())
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/states_dev.go b/packages/sonataflow-operator/internal/controller/profiles/dev/states_dev.go
similarity index 93%
rename from packages/sonataflow-operator/controllers/profiles/dev/states_dev.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/states_dev.go
index 2d75ff91770..4ae5443ee69 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/states_dev.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/states_dev.go
@@ -34,10 +34,11 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflowdef"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/monitoring"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflowdef"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
@@ -81,7 +82,7 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora
if err != nil {
return ctrl.Result{Requeue: false}, objs, err
- managedPropsCM, _, err := e.ensurers.managedPropsConfigMap.Ensure(ctx, workflow, pl, common.ManagedPropertiesMutateVisitor(ctx, e.StateSupport.Catalog, workflow, pl, userPropsCM.(*corev1.ConfigMap)))
+ managedPropsCM, _, err := e.ensurers.managedPropsConfigMap.Ensure(ctx, workflow, pl, common.ManagedPropertiesMutateVisitor(ctx, e.Catalog, workflow, pl, userPropsCM.(*corev1.ConfigMap)))
if err != nil {
return ctrl.Result{Requeue: false}, objs, err
@@ -111,17 +112,19 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora
objs = append(objs, service)
- route, _, err := e.ensurers.network.Ensure(ctx, workflow)
+ serviceMonitor, err := e.ensureServiceMonitor(ctx, workflow, pl)
if err != nil {
return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err
- objs = append(objs, route)
+ if serviceMonitor != nil {
+ objs = append(objs, serviceMonitor)
+ }
- if knativeObjs, err := common.NewKnativeEventingHandler(e.StateSupport).Ensure(ctx, workflow); err != nil {
+ route, _, err := e.ensurers.network.Ensure(ctx, workflow)
+ if err != nil {
return ctrl.Result{RequeueAfter: constants.RequeueAfterFailure}, objs, err
- } else {
- objs = append(objs, knativeObjs...)
+ objs = append(objs, route)
// First time reconciling this object, mark as wait for deployment
if workflow.Status.GetTopLevelCondition().IsUnknown() {
@@ -148,6 +151,14 @@ func (e *ensureRunningWorkflowState) Do(ctx context.Context, workflow *operatora
return ctrl.Result{RequeueAfter: constants.RequeueAfterIsRunning}, objs, nil
+func (e *ensureRunningWorkflowState) ensureServiceMonitor(ctx context.Context, workflow *operatorapi.SonataFlow, pl *operatorapi.SonataFlowPlatform) (client.Object, error) {
+ if monitoring.IsMonitoringEnabled(pl) {
+ serviceMonitor, _, err := e.ensurers.serviceMonitor.Ensure(ctx, workflow)
+ return serviceMonitor, err
+ }
+ return nil, nil
func (e *ensureRunningWorkflowState) PostReconcile(ctx context.Context, workflow *operatorapi.SonataFlow) error {
//By default, we don't want to perform anything after the reconciliation, and so we will simply return no error
return nil
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev.go b/packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev.go
similarity index 97%
rename from packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev.go
index 84694f50859..2321beb97e0 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev.go
@@ -55,7 +55,7 @@ func statusEnricher(ctx context.Context, c client.Client, workflow *operatorapi.
podList := &v1.PodList{}
opts := []client.ListOption{
- client.MatchingLabels{workflowproj.LabelApp: labels[workflowproj.LabelApp]},
+ client.MatchingLabels{workflowproj.LabelK8SName: labels[workflowproj.LabelK8SName]},
err := c.List(ctx, podList, opts...)
if err != nil {
diff --git a/packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev_test.go b/packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev_test.go
similarity index 98%
rename from packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev_test.go
index 6fba1404531..95d8cf52d90 100644
--- a/packages/sonataflow-operator/controllers/profiles/dev/status_enricher_dev_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/dev/status_enricher_dev_test.go
@@ -28,7 +28,7 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
apiv08 "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
diff --git a/packages/sonataflow-operator/controllers/profiles/factory/factory.go b/packages/sonataflow-operator/internal/controller/profiles/factory/factory.go
similarity index 79%
rename from packages/sonataflow-operator/controllers/profiles/factory/factory.go
rename to packages/sonataflow-operator/internal/controller/profiles/factory/factory.go
index 36f1016bd73..e1fa420d4c6 100644
--- a/packages/sonataflow-operator/controllers/profiles/factory/factory.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/factory/factory.go
@@ -20,9 +20,10 @@
package factory
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/gitops"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/preview"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/gitops"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/preview"
@@ -30,12 +31,8 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/dev"
-const (
- defaultProfile = metadata.PreviewProfile
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/dev"
type reconcilerBuilder func(client client.Client, cfg *rest.Config, recorder record.EventRecorder) profiles.ProfileReconciler
@@ -47,25 +44,22 @@ var profileBuilders = map[metadata.ProfileType]reconcilerBuilder{
func profileBuilder(workflow *operatorapi.SonataFlow) reconcilerBuilder {
- profile := workflow.Annotations[metadata.Profile]
- if len(profile) == 0 {
- profile = defaultProfile.String()
- }
+ profile := metadata.GetProfileOrDefault(workflow.Annotations)
// keep backward compatibility
- if profile == metadata.ProdProfile.String() {
+ if profile == metadata.ProdProfile {
klog.V(log.W).Infof("Profile %s is deprecated, please use '%s' instead.", metadata.ProdProfile, metadata.PreviewProfile)
- profile = metadata.PreviewProfile.String()
+ profile = metadata.PreviewProfile
// Enforce GitOps profile if the .spec.podTemplate.container.image is set in the Preview profile.
- if (profile == metadata.PreviewProfile.String() || profile == metadata.ProdProfile.String()) && workflow.HasContainerSpecImage() {
+ if (profile == metadata.PreviewProfile || profile == metadata.ProdProfile) && workflow.HasContainerSpecImage() {
workflow.Annotations[metadata.Profile] = metadata.GitOpsProfile.String()
return profileBuilders[metadata.GitOpsProfile]
- if _, ok := profileBuilders[metadata.ProfileType(profile)]; !ok {
- klog.V(log.W).Infof("Profile %s not supported, please use '%s' or '%s'. Falling back to %s", profile, metadata.PreviewProfile, metadata.DevProfile, defaultProfile)
- return profileBuilders[defaultProfile]
+ if _, ok := profileBuilders[profile]; !ok {
+ klog.V(log.W).Infof("Profile %s not supported, please use '%s' or '%s'. Falling back to %s", profile, metadata.PreviewProfile, metadata.DevProfile, metadata.DefaultProfile)
+ return profileBuilders[metadata.DefaultProfile]
- return profileBuilders[metadata.ProfileType(profile)]
+ return profileBuilders[profile]
// NewReconciler creates a new ProfileReconciler based on the given workflow and context.
diff --git a/packages/sonataflow-operator/controllers/profiles/gitops/alias.go b/packages/sonataflow-operator/internal/controller/profiles/gitops/alias.go
similarity index 96%
rename from packages/sonataflow-operator/controllers/profiles/gitops/alias.go
rename to packages/sonataflow-operator/internal/controller/profiles/gitops/alias.go
index 9edd22b538a..f79d10c782b 100644
--- a/packages/sonataflow-operator/controllers/profiles/gitops/alias.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/gitops/alias.go
@@ -17,7 +17,7 @@
package gitops
-import "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/preview"
+import "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/preview"
// Aliases to preview profile package to avoid cluttering this package with references to preview profile.
// It makes easier to maintain and understand where it comes the references.
diff --git a/packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops.go b/packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops.go
rename to packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops.go
index 690c3b7d56f..746fc52c3f5 100644
--- a/packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops.go
@@ -18,13 +18,14 @@
package gitops
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
var _ profiles.ProfileReconciler = &gitOpsProfile{}
diff --git a/packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops_test.go b/packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops_test.go
similarity index 83%
rename from packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops_test.go
index b245520d5c6..c67538fad2b 100644
--- a/packages/sonataflow-operator/controllers/profiles/gitops/profile_gitops_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/gitops/profile_gitops_test.go
@@ -21,18 +21,20 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
clientruntime "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
func Test_Reconciler_ProdOps(t *testing.T) {
- workflow := test.GetBaseSonataFlowWithProdOpsProfile(t.Name())
+ workflow := test.GetBaseSonataFlowWithPreviewProfile(t.Name())
workflow.Spec.PodTemplate.PodSpec.InitContainers = append(workflow.Spec.PodTemplate.PodSpec.InitContainers, corev1.Container{
Name: "check-postgres",
Image: "registry.access.redhat.com/ubi9/ubi-micro:latest",
@@ -41,6 +43,9 @@ func Test_Reconciler_ProdOps(t *testing.T) {
client := test.NewSonataFlowClientBuilder().
WithStatusSubresource(workflow, &operatorapi.SonataFlowBuild{}).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
result, err := NewProfileForOpsReconciler(client, &rest.Config{}, test.NewFakeRecorder()).Reconcile(context.TODO(), workflow)
assert.NoError(t, err)
@@ -67,5 +72,14 @@ func Test_Reconciler_ProdOps(t *testing.T) {
assert.NotNil(t, deployment.ObjectMeta)
assert.NotNil(t, deployment.ObjectMeta.Labels)
- assert.Equal(t, deployment.ObjectMeta.Labels, map[string]string{"test": "test", "app": "simple", "sonataflow.org/workflow-app": "simple"})
+ assert.Equal(t, deployment.ObjectMeta.Labels, map[string]string{
+ "app": "simple",
+ "test": "test",
+ "sonataflow.org/workflow-app": "simple",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "simple",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator",
+ "app.kubernetes.io/part-of": "sonataflow-platform",
+ })
diff --git a/packages/sonataflow-operator/controllers/profiles/gitops/states_gitops.go b/packages/sonataflow-operator/internal/controller/profiles/gitops/states_gitops.go
similarity index 73%
rename from packages/sonataflow-operator/controllers/profiles/gitops/states_gitops.go
rename to packages/sonataflow-operator/internal/controller/profiles/gitops/states_gitops.go
index 8f6379c0b18..0a220d2d875 100644
--- a/packages/sonataflow-operator/controllers/profiles/gitops/states_gitops.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/gitops/states_gitops.go
@@ -1,16 +1,19 @@
-// Copyright 2023 Red Hat, Inc. and/or its affiliates
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
package gitops
@@ -23,7 +26,7 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
type ensureBuildSkipped struct {
diff --git a/packages/sonataflow-operator/internal/controller/profiles/monitoring/monitoring.go b/packages/sonataflow-operator/internal/controller/profiles/monitoring/monitoring.go
new file mode 100644
index 00000000000..202a76ececd
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/monitoring/monitoring.go
@@ -0,0 +1,67 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package monitoring
+import (
+ "context"
+ "k8s.io/klog/v2"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/monitoring"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+var _ MonitoringEventingHandler = &monitoringObjectManager{}
+type monitoringObjectManager struct {
+ serviceMonitor common.ObjectEnsurer
+ *common.StateSupport
+func NewMonitoringHandler(support *common.StateSupport) MonitoringEventingHandler {
+ return &monitoringObjectManager{
+ serviceMonitor: common.NewObjectEnsurer(support.C, common.ServiceMonitorCreator),
+ StateSupport: support,
+ }
+type MonitoringEventingHandler interface {
+ Ensure(ctx context.Context, workflow *operatorapi.SonataFlow) ([]client.Object, error)
+func (k monitoringObjectManager) Ensure(ctx context.Context, workflow *operatorapi.SonataFlow) ([]client.Object, error) {
+ var objs []client.Object
+ monitoringAvail, err := monitoring.GetPrometheusAvailability(k.Cfg)
+ if err != nil {
+ klog.V(log.I).InfoS("Error checking Prometheus availability: %v", err)
+ return nil, err
+ }
+ if monitoringAvail {
+ // create serviceMonitor
+ serviceMonitor, _, err := k.serviceMonitor.Ensure(ctx, workflow)
+ if err != nil {
+ return objs, err
+ } else if serviceMonitor != nil {
+ objs = append(objs, serviceMonitor)
+ }
+ }
+ return objs, nil
diff --git a/packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler.go b/packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler.go
new file mode 100644
index 00000000000..61a39162f74
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler.go
@@ -0,0 +1,191 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package preview
+import (
+ "context"
+ v1 "k8s.io/api/core/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+ "sigs.k8s.io/controller-runtime/pkg/reconcile"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/monitoring"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+type DeploymentReconciler struct {
+ *common.StateSupport
+ ensurers *ObjectEnsurers
+func NewDeploymentReconciler(stateSupport *common.StateSupport, ensurer *ObjectEnsurers) *DeploymentReconciler {
+ return &DeploymentReconciler{
+ StateSupport: stateSupport,
+ ensurers: ensurer,
+ }
+func (d *DeploymentReconciler) Reconcile(ctx context.Context, workflow *operatorapi.SonataFlow) (reconcile.Result, []client.Object, error) {
+ return d.reconcileWithImage(ctx, workflow, "")
+func (d *DeploymentReconciler) reconcileWithImage(ctx context.Context, workflow *operatorapi.SonataFlow, image string) (reconcile.Result, []client.Object, error) {
+ // Checks if we need Knative installed and is not present.
+ if requires, err := d.ensureKnativeServingRequired(workflow); requires || err != nil {
+ return reconcile.Result{Requeue: false}, nil, err
+ }
+ // Ensure objects
+ result, objs, err := d.ensureObjects(ctx, workflow, image)
+ if err != nil || result.Requeue {
+ return result, objs, err
+ }
+ // Follow deployment status
+ result, err = common.DeploymentManager(d.C).SyncDeploymentStatus(ctx, workflow)
+ if err != nil {
+ return reconcile.Result{Requeue: false}, nil, err
+ }
+ if _, err := d.PerformStatusUpdate(ctx, workflow); err != nil {
+ return reconcile.Result{Requeue: false}, nil, err
+ }
+ return result, objs, nil
+// ensureKnativeServingRequired returns true if the SonataFlow instance requires Knative deployment and Knative Serving is not available.
+func (d *DeploymentReconciler) ensureKnativeServingRequired(workflow *operatorapi.SonataFlow) (bool, error) {
+ if workflow.IsKnativeDeployment() {
+ avail, err := knative.GetKnativeAvailability(d.Cfg)
+ if err != nil {
+ return true, err
+ }
+ if !avail.Serving {
+ d.Recorder.Eventf(workflow, v1.EventTypeWarning,
+ "KnativeServingNotAvailable",
+ "Knative Serving is not available in this cluster, can't deploy workflow. Please update the deployment model to %s",
+ operatorapi.KubernetesDeploymentModel)
+ return true, nil
+ }
+ }
+ return false, nil
+func (d *DeploymentReconciler) ensureObjects(ctx context.Context, workflow *operatorapi.SonataFlow, image string) (reconcile.Result, []client.Object, error) {
+ pl, _ := platform.GetActivePlatform(ctx, d.C, workflow.Namespace)
+ userPropsCM, _, err := d.ensurers.userPropsConfigMap.Ensure(ctx, workflow)
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, "Unable to retrieve the user properties config map")
+ _, _ = d.PerformStatusUpdate(ctx, workflow)
+ return reconcile.Result{}, nil, err
+ }
+ managedPropsCM, _, err := d.ensurers.managedPropsConfigMap.Ensure(ctx, workflow, pl,
+ common.ManagedPropertiesMutateVisitor(ctx, d.StateSupport.Catalog, workflow, pl, userPropsCM.(*v1.ConfigMap)))
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, "Unable to retrieve the managed properties config map")
+ _, _ = d.PerformStatusUpdate(ctx, workflow)
+ return reconcile.Result{}, nil, err
+ }
+ deployment, deploymentOp, err :=
+ d.ensurers.DeploymentByDeploymentModel(workflow).Ensure(ctx, workflow, pl,
+ d.deploymentModelMutateVisitors(workflow, pl, image, userPropsCM.(*v1.ConfigMap), managedPropsCM.(*v1.ConfigMap))...)
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentUnavailableReason, "Unable to perform the deploy due to ", err)
+ _, _ = d.PerformStatusUpdate(ctx, workflow)
+ return reconcile.Result{}, nil, err
+ }
+ service, _, err := d.ensurers.ServiceByDeploymentModel(workflow).Ensure(ctx, workflow, common.ServiceMutateVisitor(workflow))
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentUnavailableReason, "Unable to make the service available due to ", err)
+ _, _ = d.PerformStatusUpdate(ctx, workflow)
+ return reconcile.Result{}, nil, err
+ }
+ objs := []client.Object{deployment, managedPropsCM, service}
+ eventingObjs, err := common.NewKnativeEventingHandler(d.StateSupport, pl).Ensure(ctx, workflow)
+ if err != nil {
+ return reconcile.Result{}, nil, err
+ }
+ objs = append(objs, eventingObjs...)
+ serviceMonitor, err := d.ensureServiceMonitor(ctx, workflow, pl)
+ if err != nil {
+ return reconcile.Result{}, nil, err
+ }
+ if serviceMonitor != nil {
+ objs = append(objs, serviceMonitor)
+ }
+ if deploymentOp == controllerutil.OperationResultCreated {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.WaitingForDeploymentReason, "")
+ if _, err := d.PerformStatusUpdate(ctx, workflow); err != nil {
+ return reconcile.Result{}, nil, err
+ }
+ return reconcile.Result{RequeueAfter: constants.RequeueAfterFollowDeployment, Requeue: true}, objs, nil
+ }
+ return reconcile.Result{}, objs, nil
+func (d *DeploymentReconciler) ensureServiceMonitor(ctx context.Context, workflow *operatorapi.SonataFlow, pl *operatorapi.SonataFlowPlatform) (client.Object, error) {
+ if monitoring.IsMonitoringEnabled(pl) {
+ serviceMonitor, _, err := d.ensurers.ServiceMonitorByDeploymentModel(workflow).Ensure(ctx, workflow)
+ return serviceMonitor, err
+ }
+ return nil, nil
+func (d *DeploymentReconciler) deploymentModelMutateVisitors(
+ workflow *operatorapi.SonataFlow,
+ plf *operatorapi.SonataFlowPlatform,
+ image string,
+ userPropsCM *v1.ConfigMap,
+ managedPropsCM *v1.ConfigMap) []common.MutateVisitor {
+ if workflow.IsKnativeDeployment() {
+ return []common.MutateVisitor{common.KServiceMutateVisitor(workflow, plf),
+ common.ImageKServiceMutateVisitor(workflow, image),
+ mountConfigMapsMutateVisitor(workflow, userPropsCM, managedPropsCM),
+ common.RestoreKServiceVolumeAndVolumeMountMutateVisitor(),
+ }
+ }
+ if utils.IsOpenShift() {
+ return []common.MutateVisitor{common.DeploymentMutateVisitor(workflow, plf),
+ mountConfigMapsMutateVisitor(workflow, userPropsCM, managedPropsCM),
+ addOpenShiftImageTriggerDeploymentMutateVisitor(workflow, image),
+ common.ImageDeploymentMutateVisitor(workflow, image),
+ common.RestoreDeploymentVolumeAndVolumeMountMutateVisitor(),
+ common.RolloutDeploymentIfCMChangedMutateVisitor(workflow, userPropsCM, managedPropsCM),
+ }
+ }
+ return []common.MutateVisitor{common.DeploymentMutateVisitor(workflow, plf),
+ common.ImageDeploymentMutateVisitor(workflow, image),
+ mountConfigMapsMutateVisitor(workflow, userPropsCM, managedPropsCM),
+ common.RestoreDeploymentVolumeAndVolumeMountMutateVisitor(),
+ common.RolloutDeploymentIfCMChangedMutateVisitor(workflow, userPropsCM, managedPropsCM)}
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/deployment_handler_test.go b/packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler_test.go
similarity index 72%
rename from packages/sonataflow-operator/controllers/profiles/preview/deployment_handler_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler_test.go
index be5f18d05c7..099e4d07659 100644
--- a/packages/sonataflow-operator/controllers/profiles/preview/deployment_handler_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/deployment_handler_test.go
@@ -1,16 +1,19 @@
-// Copyright 2023 Red Hat, Inc. and/or its affiliates
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
package preview
@@ -18,26 +21,62 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
v1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
+type fakeDeploymentReconciler struct {
+ DeploymentReconciler
+func Test_CheckDeploymentModelIsKnative(t *testing.T) {
+ workflow := test.GetBaseSonataFlowWithPreviewProfile(t.Name())
+ workflow.Spec.PodTemplate.DeploymentModel = v1alpha08.KnativeDeploymentModel
+ cli := test.NewSonataFlowClientBuilderWithKnative().
+ WithRuntimeObjects(workflow).
+ WithStatusSubresource(workflow).
+ Build()
+ stateSupport := fakeReconcilerSupport(cli)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
+ handler := NewDeploymentReconciler(stateSupport, NewObjectEnsurers(stateSupport))
+ result, objects, err := handler.ensureObjects(context.TODO(), workflow, "")
+ assert.NoError(t, err)
+ assert.NotEmpty(t, objects)
+ assert.True(t, result.Requeue)
+ var ksvc *servingv1.Service
+ for _, o := range objects {
+ if _, ok := o.(*servingv1.Service); ok {
+ ksvc = o.(*servingv1.Service)
+ assert.Equal(t, v1alpha08.DefaultContainerName, ksvc.Spec.Template.Spec.Containers[0].Name)
+ break
+ }
+ }
+ assert.NotNil(t, ksvc)
func Test_CheckPodTemplateChangesReflectDeployment(t *testing.T) {
- workflow := test.GetBaseSonataFlowWithProdOpsProfile(t.Name())
+ workflow := test.GetBaseSonataFlowWithPreviewProfile(t.Name())
client := test.NewSonataFlowClientBuilder().
stateSupport := fakeReconcilerSupport(client)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
handler := NewDeploymentReconciler(stateSupport, NewObjectEnsurers(stateSupport))
result, objects, err := handler.Reconcile(context.TODO(), workflow)
@@ -53,24 +92,27 @@ func Test_CheckPodTemplateChangesReflectDeployment(t *testing.T) {
assert.NoError(t, err)
assert.NotEmpty(t, objects)
assert.True(t, result.Requeue)
+ var deployment *v1.Deployment
for _, o := range objects {
if _, ok := o.(*v1.Deployment); ok {
- deployment := o.(*v1.Deployment)
+ deployment = o.(*v1.Deployment)
assert.Equal(t, expectedImg, deployment.Spec.Template.Spec.Containers[0].Image)
assert.Equal(t, v1alpha08.DefaultContainerName, deployment.Spec.Template.Spec.Containers[0].Name)
+ assert.NotNil(t, deployment)
func Test_CheckDeploymentRolloutAfterCMChange(t *testing.T) {
- workflow := test.GetBaseSonataFlowWithProdOpsProfile(t.Name())
+ workflow := test.GetBaseSonataFlowWithPreviewProfile(t.Name())
client := test.NewSonataFlowClientBuilder().
stateSupport := fakeReconcilerSupport(client)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
handler := NewDeploymentReconciler(stateSupport, NewObjectEnsurers(stateSupport))
result, objects, err := handler.Reconcile(context.TODO(), workflow)
@@ -126,13 +168,14 @@ func Test_CheckDeploymentRolloutAfterCMChange(t *testing.T) {
func Test_CheckDeploymentUnchangedAfterCMChangeOtherKeys(t *testing.T) {
- workflow := test.GetBaseSonataFlowWithProdOpsProfile(t.Name())
+ workflow := test.GetBaseSonataFlowWithPreviewProfile(t.Name())
client := test.NewSonataFlowClientBuilder().
stateSupport := fakeReconcilerSupport(client)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
handler := NewDeploymentReconciler(stateSupport, NewObjectEnsurers(stateSupport))
result, objects, err := handler.Reconcile(context.TODO(), workflow)
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/object_creators_preview.go b/packages/sonataflow-operator/internal/controller/profiles/preview/object_creators_preview.go
similarity index 74%
rename from packages/sonataflow-operator/controllers/profiles/preview/object_creators_preview.go
rename to packages/sonataflow-operator/internal/controller/profiles/preview/object_creators_preview.go
index 20ebe73518b..867df52d7a7 100644
--- a/packages/sonataflow-operator/controllers/profiles/preview/object_creators_preview.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/object_creators_preview.go
@@ -24,14 +24,15 @@ import (
appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
@@ -64,28 +65,40 @@ func addOpenShiftImageTriggerDeploymentMutateVisitor(workflow *v1alpha08.SonataF
-// mountDevConfigMapsMutateVisitor mounts the required configMaps in the Workflow Dev Deployment
-func mountProdConfigMapsMutateVisitor(workflow *operatorapi.SonataFlow, userPropsCM *v1.ConfigMap, managedPropsCM *v1.ConfigMap) common.MutateVisitor {
+// mountConfigMapsMutateVisitor mounts the required configMaps in the SonataFlow instance
+func mountConfigMapsMutateVisitor(workflow *operatorapi.SonataFlow, userPropsCM *v1.ConfigMap, managedPropsCM *v1.ConfigMap) common.MutateVisitor {
return func(object client.Object) controllerutil.MutateFn {
return func() error {
- deployment := object.(*appsv1.Deployment)
- _, idx := kubeutil.GetContainerByName(v1alpha08.DefaultContainerName, &deployment.Spec.Template.Spec)
+ var podTemplateSpec *v1.PodSpec
- if len(deployment.Spec.Template.Spec.Volumes) == 0 {
- deployment.Spec.Template.Spec.Volumes = make([]v1.Volume, 0, 1)
+ if workflow.IsKnativeDeployment() {
+ ksvc := object.(*servingv1.Service)
+ podTemplateSpec = &ksvc.Spec.Template.Spec.PodSpec
+ } else {
+ deployment := object.(*appsv1.Deployment)
+ podTemplateSpec = &deployment.Spec.Template.Spec
+ if err := kubeutil.AnnotateDeploymentConfigChecksum(workflow, deployment, userPropsCM, managedPropsCM); err != nil {
+ return err
+ }
- if len(deployment.Spec.Template.Spec.Containers[idx].VolumeMounts) == 0 {
- deployment.Spec.Template.Spec.Containers[idx].VolumeMounts = make([]v1.VolumeMount, 0, 1)
+ _, idx := kubeutil.GetContainerByName(v1alpha08.DefaultContainerName, podTemplateSpec)
+ if len(podTemplateSpec.Volumes) == 0 {
+ podTemplateSpec.Volumes = make([]v1.Volume, 0, 1)
+ }
+ if len(podTemplateSpec.Containers[idx].VolumeMounts) == 0 {
+ podTemplateSpec.Containers[idx].VolumeMounts = make([]v1.VolumeMount, 0, 1)
defaultResourcesVolume := v1.Volume{Name: constants.ConfigMapWorkflowPropsVolumeName, VolumeSource: v1.VolumeSource{Projected: &v1.ProjectedVolumeSource{}}}
kubeutil.VolumeProjectionAddConfigMap(defaultResourcesVolume.Projected, userPropsCM.Name, v1.KeyToPath{Key: workflowproj.ApplicationPropertiesFileName, Path: workflowproj.ApplicationPropertiesFileName})
kubeutil.VolumeProjectionAddConfigMap(defaultResourcesVolume.Projected, managedPropsCM.Name, v1.KeyToPath{Key: workflowproj.GetManagedPropertiesFileName(workflow), Path: workflowproj.GetManagedPropertiesFileName(workflow)})
- kubeutil.AddOrReplaceVolume(&deployment.Spec.Template.Spec, defaultResourcesVolume)
- kubeutil.AddOrReplaceVolumeMount(idx, &deployment.Spec.Template.Spec,
+ kubeutil.AddOrReplaceVolume(podTemplateSpec, defaultResourcesVolume)
+ kubeutil.AddOrReplaceVolumeMount(&podTemplateSpec.Containers[idx],
kubeutil.VolumeMount(constants.ConfigMapWorkflowPropsVolumeName, true, quarkusProdConfigMountPath))
- return kubeutil.AnnotateDeploymentConfigChecksum(workflow, deployment, userPropsCM, managedPropsCM)
+ return nil
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/profile_preview.go b/packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview.go
similarity index 61%
rename from packages/sonataflow-operator/controllers/profiles/preview/profile_preview.go
rename to packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview.go
index 3a6add3f672..3dffb4bd4c7 100644
--- a/packages/sonataflow-operator/controllers/profiles/preview/profile_preview.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview.go
@@ -22,16 +22,19 @@ package preview
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/discovery"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/discovery"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
var _ profiles.ProfileReconciler = &previewProfile{}
@@ -48,21 +51,55 @@ const (
quarkusProdConfigMountPath = "/deployments/config"
-// ObjectEnsurers is a struct for the objects that ReconciliationState needs to create in the platform for the Production profile.
+// ObjectEnsurers is a struct for the objects that ReconciliationState needs to create in the platform for the preview profile.
// ReconciliationState that needs access to it must include this struct as an attribute and initialize it in the profile builder.
// Use NewObjectEnsurers to facilitate building this struct
type ObjectEnsurers struct {
- deployment common.ObjectEnsurerWithPlatform
- service common.ObjectEnsurer
+ // deployment for this ensurer. Don't call it directly, use DeploymentByDeploymentModel instead
+ deployment common.ObjectEnsurerWithPlatform
+ // kservice Knative Serving deployment for this ensurer. Don't call it directly, use DeploymentByDeploymentModel instead
+ kservice common.ObjectEnsurerWithPlatform
+ // service for this ensurer. Don't call it directly, use ServiceByDeploymentModel instead
+ service common.ObjectEnsurer
+ // serviceMonitor for this ensurer. Don't call it directly, use ServiceMonitorByDeploymentModel instead
+ serviceMonitor common.ObjectEnsurer
userPropsConfigMap common.ObjectEnsurer
managedPropsConfigMap common.ObjectEnsurerWithPlatform
+// DeploymentByDeploymentModel gets the deployment ensurer based on the SonataFlow deployment model
+func (o *ObjectEnsurers) DeploymentByDeploymentModel(workflow *v1alpha08.SonataFlow) common.ObjectEnsurerWithPlatform {
+ if workflow.IsKnativeDeployment() {
+ return o.kservice
+ }
+ return o.deployment
+// ServiceByDeploymentModel gets the service ensurer based on the SonataFlow deployment model
+func (o *ObjectEnsurers) ServiceByDeploymentModel(workflow *v1alpha08.SonataFlow) common.ObjectEnsurer {
+ if workflow.IsKnativeDeployment() {
+ // Knative Serving handles the service
+ return common.NewNoopObjectEnsurer()
+ }
+ return o.service
+// ServiceMonitorByDeploymentModel gets the service monitor ensurer based on the SonataFlow deployment model
+func (o *ObjectEnsurers) ServiceMonitorByDeploymentModel(workflow *v1alpha08.SonataFlow) common.ObjectEnsurer {
+ if workflow.IsKnativeDeployment() {
+ // Do not create service monitor for workflows deployed as Knative service
+ return common.NewNoopObjectEnsurer()
+ }
+ return o.serviceMonitor
// NewObjectEnsurers common.ObjectEnsurer(s) for the preview profile.
func NewObjectEnsurers(support *common.StateSupport) *ObjectEnsurers {
return &ObjectEnsurers{
deployment: common.NewObjectEnsurerWithPlatform(support.C, common.DeploymentCreator),
+ kservice: common.NewObjectEnsurerWithPlatform(support.C, common.KServiceCreator),
service: common.NewObjectEnsurer(support.C, common.ServiceCreator),
+ serviceMonitor: common.NewObjectEnsurer(support.C, common.ServiceMonitorCreator),
userPropsConfigMap: common.NewObjectEnsurer(support.C, common.UserPropsConfigMapCreator),
managedPropsConfigMap: common.NewObjectEnsurerWithPlatform(support.C, common.ManagedPropsConfigMapCreator),
@@ -79,7 +116,7 @@ func NewProfileReconciler(client client.Client, cfg *rest.Config, recorder recor
// the reconciliation state machine
stateMachine := common.NewReconciliationStateMachine(
- &newBuilderState{StateSupport: support},
+ &newBuilderState{StateSupport: support, ensurers: NewObjectEnsurers(support)},
&followBuildStatusState{StateSupport: support},
&deployWithBuildWorkflowState{StateSupport: support, ensurers: NewObjectEnsurers(support)},
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/profile_preview_test.go b/packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview_test.go
similarity index 80%
rename from packages/sonataflow-operator/controllers/profiles/preview/profile_preview_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview_test.go
index 0ba56f7440c..d2cdb66a912 100644
--- a/packages/sonataflow-operator/controllers/profiles/preview/profile_preview_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/profile_preview_test.go
@@ -24,15 +24,19 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+ prometheus "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
clientruntime "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
func Test_Reconciler_ProdCustomPod(t *testing.T) {
@@ -49,6 +53,7 @@ func Test_Reconciler_ProdCustomPod(t *testing.T) {
client := test.NewSonataFlowClientBuilder().
WithRuntimeObjects(workflow, build, platform).
WithStatusSubresource(workflow, build, platform).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
_, err := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder()).Reconcile(context.TODO(), workflow)
assert.NoError(t, err)
@@ -63,7 +68,15 @@ func Test_Reconciler_ProdCustomPod(t *testing.T) {
assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
assert.NotNil(t, deployment.ObjectMeta)
assert.NotNil(t, deployment.ObjectMeta.Labels)
- assert.Equal(t, deployment.ObjectMeta.Labels, map[string]string{"test": "test", "app": "greeting", "sonataflow.org/workflow-app": "greeting"})
+ assert.Equal(t, deployment.ObjectMeta.Labels, map[string]string{
+ "app": "greeting",
+ "test": "test",
+ "sonataflow.org/workflow-app": "greeting",
+ "sonataflow.org/workflow-namespace": workflow.Namespace,
+ "app.kubernetes.io/name": "greeting",
+ "app.kubernetes.io/component": "serverless-workflow",
+ "app.kubernetes.io/managed-by": "sonataflow-operator",
+ })
func Test_reconcilerProdBuildConditions(t *testing.T) {
@@ -72,7 +85,7 @@ func Test_reconcilerProdBuildConditions(t *testing.T) {
client := test.NewSonataFlowClientBuilder().
WithRuntimeObjects(workflow, platform).
WithStatusSubresource(workflow, platform, &operatorapi.SonataFlowBuild{}).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
result, err := NewProfileReconciler(client, &rest.Config{}, test.NewFakeRecorder()).Reconcile(context.TODO(), workflow)
assert.NoError(t, err)
@@ -129,11 +142,13 @@ func Test_reconcilerProdBuildConditions(t *testing.T) {
func Test_deployWorkflowReconciliationHandler_handleObjects(t *testing.T) {
workflow := test.GetBaseSonataFlow(t.Name())
platform := test.GetBasePlatformInReadyPhase(t.Name())
+ platform.Spec.Monitoring = &operatorapi.PlatformMonitoringOptionsSpec{Enabled: true}
build := test.GetLocalSucceedSonataFlowBuild(workflow.Name, workflow.Namespace)
- client := test.NewSonataFlowClientBuilder().
+ client := test.NewKogitoClientBuilderWithOpenShift().
WithRuntimeObjects(workflow, platform, build).
WithStatusSubresource(workflow, platform, build).
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
handler := &deployWithBuildWorkflowState{
StateSupport: fakeReconcilerSupport(client),
ensurers: NewObjectEnsurers(&common.StateSupport{C: client}),
@@ -142,7 +157,7 @@ func Test_deployWorkflowReconciliationHandler_handleObjects(t *testing.T) {
assert.Greater(t, result.RequeueAfter, int64(0))
assert.NoError(t, err)
assert.NotNil(t, result)
- assert.Len(t, objects, 3)
+ assert.Len(t, objects, 4)
deployment := &appsv1.Deployment{}
err = client.Get(context.TODO(), clientruntime.ObjectKeyFromObject(workflow), deployment)
@@ -153,16 +168,28 @@ func Test_deployWorkflowReconciliationHandler_handleObjects(t *testing.T) {
assert.NoError(t, err)
assert.False(t, workflow.Status.IsReady())
assert.Equal(t, api.WaitingForDeploymentReason, workflow.Status.GetTopLevelCondition().Reason)
+ serviceMonitor := &prometheus.ServiceMonitor{}
+ err = client.Get(context.TODO(), clientruntime.ObjectKeyFromObject(workflow), serviceMonitor)
+ assert.NoError(t, err)
+ assert.NotEmpty(t, serviceMonitor.Spec)
+ assert.NotEmpty(t, serviceMonitor.Spec.Selector)
+ assert.Equal(t, len(serviceMonitor.Spec.Selector.MatchLabels), 2)
+ assert.Equal(t, serviceMonitor.Spec.Selector.MatchLabels[workflowproj.LabelWorkflow], workflow.Name)
+ assert.Equal(t, serviceMonitor.Spec.Selector.MatchLabels[workflowproj.LabelWorkflowNamespace], workflow.Namespace)
+ assert.Equal(t, len(serviceMonitor.Spec.Endpoints), 1)
+ assert.Equal(t, serviceMonitor.Spec.Endpoints[0].Port, "web")
+ assert.Equal(t, serviceMonitor.Spec.Endpoints[0].Path, "/q/metrics")
-func Test_GenerationAnnotationCheck(t *testing.T) {
+func Test_WorkflowChangedCheck(t *testing.T) {
// we load a workflow with metadata.generation to 0
workflow := test.GetBaseSonataFlow(t.Name())
platform := test.GetBasePlatformInReadyPhase(t.Name())
client := test.NewSonataFlowClientBuilder().
WithRuntimeObjects(workflow, platform).
WithStatusSubresource(workflow, platform, &operatorapi.SonataFlowBuild{}).Build()
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
handler := &deployWithBuildWorkflowState{
StateSupport: fakeReconcilerSupport(client),
ensurers: NewObjectEnsurers(&common.StateSupport{C: client}),
@@ -173,15 +200,14 @@ func Test_GenerationAnnotationCheck(t *testing.T) {
assert.NotNil(t, result)
assert.Len(t, objects, 3)
- // then we load a workflow with metadata.generation set to 1
+ // then we load the current workflow
workflowChanged := &operatorapi.SonataFlow{}
err = client.Get(context.TODO(), clientruntime.ObjectKeyFromObject(workflow), workflowChanged)
assert.NoError(t, err)
- //we set the generation to 1
- workflowChanged.Generation = int64(1)
- err = client.Update(context.TODO(), workflowChanged)
- assert.NoError(t, err)
- // reconcile
+ //we change something within the flow
+ workflowChanged.Spec.Flow.AutoRetries = true
+ // reconcile -> the one in the k8s DB is different, so there's a change.
handler = &deployWithBuildWorkflowState{
StateSupport: fakeReconcilerSupport(client),
ensurers: NewObjectEnsurers(&common.StateSupport{C: client}),
@@ -198,5 +224,6 @@ func fakeReconcilerSupport(client clientruntime.Client) *common.StateSupport {
return &common.StateSupport{
C: client,
Recorder: test.NewFakeRecorder(),
+ Cfg: &rest.Config{},
diff --git a/packages/sonataflow-operator/controllers/profiles/preview/states_preview.go b/packages/sonataflow-operator/internal/controller/profiles/preview/states_preview.go
similarity index 64%
rename from packages/sonataflow-operator/controllers/profiles/preview/states_preview.go
rename to packages/sonataflow-operator/internal/controller/profiles/preview/states_preview.go
index 85f6ed8caf9..492e5aab733 100644
--- a/packages/sonataflow-operator/controllers/profiles/preview/states_preview.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/states_preview.go
@@ -21,25 +21,39 @@ package preview
import (
+ "fmt"
+ "sort"
corev1 "k8s.io/api/core/v1"
- "k8s.io/klog/v2"
+ "k8s.io/apimachinery/pkg/labels"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
ctrl "sigs.k8s.io/controller-runtime"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ klog "k8s.io/klog/v2"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/builder"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/builder"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
- kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
+const (
+ kSink = "K_SINK"
+ workflowContainer = "workflow"
type newBuilderState struct {
+ ensurers *ObjectEnsurers
func (h *newBuilderState) CanReconcile(workflow *operatorapi.SonataFlow) bool {
@@ -49,7 +63,7 @@ func (h *newBuilderState) CanReconcile(workflow *operatorapi.SonataFlow) bool {
func (h *newBuilderState) Do(ctx context.Context, workflow *operatorapi.SonataFlow) (ctrl.Result, []client.Object, error) {
- _, err := platform.GetActivePlatform(ctx, h.C, workflow.Namespace)
+ pl, err := platform.GetActivePlatform(ctx, h.C, workflow.Namespace)
if err != nil {
if errors.IsNotFound(err) {
workflow.Status.Manager().MarkFalse(api.BuiltConditionType, api.WaitingForPlatformReason,
@@ -62,6 +76,26 @@ func (h *newBuilderState) Do(ctx context.Context, workflow *operatorapi.SonataFl
klog.V(log.E).ErrorS(err, "Failed to get active platform")
return ctrl.Result{RequeueAfter: requeueWhileWaitForPlatform}, nil, err
+ // Perform status updated to ensure workflow.Status.Services references are set before properties calculation.
+ _, err = h.PerformStatusUpdate(ctx, workflow)
+ // Ensure the user and managed properties are prepared before starting the build process, and thus, we make them
+ // available at build time.
+ userPropsCM, _, err := h.ensurers.userPropsConfigMap.Ensure(ctx, workflow)
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, fmt.Sprintf("Unable to retrieve the user properties config map: %v", err))
+ _, err = h.PerformStatusUpdate(ctx, workflow)
+ return ctrl.Result{}, nil, err
+ }
+ _, _, err = h.ensurers.managedPropsConfigMap.Ensure(ctx, workflow, pl,
+ common.ManagedPropertiesMutateVisitor(ctx, h.StateSupport.Catalog, workflow, pl, userPropsCM.(*corev1.ConfigMap)))
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.ExternalResourcesNotFoundReason, fmt.Sprintf("Unable to retrieve the managed properties config map: %v", err))
+ _, err = h.PerformStatusUpdate(ctx, workflow)
+ return ctrl.Result{}, nil, err
+ }
// If there is an active platform we have got all the information to build but...
// ...let's check before if we have got already a build!
buildManager := builder.NewSonataFlowBuildManager(ctx, h.C)
@@ -177,7 +211,11 @@ func (h *deployWithBuildWorkflowState) Do(ctx context.Context, workflow *operato
return ctrl.Result{}, nil, err
- if h.isWorkflowChanged(workflow) { // Let's check that the 2 resWorkflowDef definition are different
+ hasChanged, err := h.isWorkflowChanged(workflow)
+ if err != nil {
+ return ctrl.Result{}, nil, err
+ }
+ if hasChanged { // Let's check that the 2 resWorkflowDef definition are different
if err = buildManager.MarkToRestart(build); err != nil {
return ctrl.Result{}, nil, err
@@ -189,19 +227,102 @@ func (h *deployWithBuildWorkflowState) Do(ctx context.Context, workflow *operato
// didn't change, business as usual
- return NewDeploymentReconciler(h.StateSupport, h.ensurers).reconcileWithBuiltImage(ctx, workflow, build.Status.ImageTag)
+ result, objs, err := NewDeploymentReconciler(h.StateSupport, h.ensurers).reconcileWithImage(ctx, workflow, build.Status.ImageTag)
+ if err != nil {
+ workflow.Status.Manager().MarkFalse(api.RunningConditionType, api.DeploymentFailureReason, fmt.Sprintf("Error in deploy the workflow:%s", err))
+ _, err = h.PerformStatusUpdate(ctx, workflow)
+ return result, nil, err
+ }
+ return result, objs, err
func (h *deployWithBuildWorkflowState) PostReconcile(ctx context.Context, workflow *operatorapi.SonataFlow) error {
- //By default, we don't want to perform anything after the reconciliation, and so we will simply return no error
+ // Clean up the outdated Knative revisions, if any
+ return h.cleanupOutdatedRevisions(ctx, workflow)
+// isWorkflowChanged checks whether the contents of .spec.flow of the given workflow has changed.
+func (h *deployWithBuildWorkflowState) isWorkflowChanged(workflow *operatorapi.SonataFlow) (bool, error) {
+ // Added this guard for backward compatibility for workflows deployed with a previous operator version, so we won't kick thousands of builds on users' cluster.
+ // After this reconciliation cycle, the CRC should be updated
+ if workflow.Status.FlowCRC == 0 {
+ return false, nil
+ }
+ actualCRC, err := utils.Crc32Checksum(workflow.Spec.Flow)
+ if err != nil {
+ return false, err
+ }
+ return actualCRC != workflow.Status.FlowCRC, nil
+func (h *deployWithBuildWorkflowState) cleanupOutdatedRevisions(ctx context.Context, workflow *operatorapi.SonataFlow) error {
+ if !workflow.IsKnativeDeployment() {
+ return nil
+ }
+ avail, err := knative.GetKnativeAvailability(h.Cfg)
+ if err != nil {
+ return err
+ }
+ if !avail.Serving || !avail.Eventing {
+ return nil
+ }
+ injected, err := knative.CheckKSinkInjected(workflow.Name, workflow.Namespace)
+ if err != nil {
+ return err
+ }
+ if !injected {
+ return fmt.Errorf("waiting for Sinkbinding K_SINK injection to complete")
+ }
+ opts := &client.ListOptions{
+ LabelSelector: labels.SelectorFromSet(
+ map[string]string{
+ workflowproj.LabelWorkflow: workflow.Name,
+ workflowproj.LabelWorkflowNamespace: workflow.Namespace,
+ },
+ ),
+ Namespace: workflow.Namespace,
+ }
+ revisionList := &servingv1.RevisionList{}
+ if err := h.C.List(ctx, revisionList, opts); err != nil {
+ return err
+ }
+ // Sort the revisions based on creation timestamp
+ sortRevisions(revisionList.Items)
+ // Clean up previous revisions that do not have K_SINK injected
+ for i := 0; i < len(revisionList.Items)-1; i++ {
+ revision := &revisionList.Items[i]
+ if !containsKSink(revision) {
+ klog.V(log.I).InfoS("Revision %s does not have K_SINK injected and can be cleaned up.", revision.Name)
+ if err := h.C.Delete(ctx, revision, &client.DeleteOptions{}); err != nil {
+ return err
+ }
+ }
+ }
return nil
-// isWorkflowChanged marks the workflow status as unknown to require a new build reconciliation
-func (h *deployWithBuildWorkflowState) isWorkflowChanged(workflow *operatorapi.SonataFlow) bool {
- generation := kubeutil.GetLastGeneration(workflow.Namespace, workflow.Name, h.C, context.TODO())
- if generation > workflow.Status.ObservedGeneration {
- return true
+func containsKSink(revision *servingv1.Revision) bool {
+ for _, container := range revision.Spec.PodSpec.Containers {
+ if container.Name == workflowContainer {
+ for _, env := range container.Env {
+ if env.Name == kSink {
+ return true
+ }
+ }
+ break
+ }
return false
+type CreationTimestamp []servingv1.Revision
+func (a CreationTimestamp) Len() int { return len(a) }
+func (a CreationTimestamp) Less(i, j int) bool {
+ return a[i].CreationTimestamp.Before(&a[j].CreationTimestamp)
+func (a CreationTimestamp) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func sortRevisions(revisions []servingv1.Revision) {
+ sort.Sort(CreationTimestamp(revisions))
diff --git a/packages/sonataflow-operator/internal/controller/profiles/preview/states_preview_test.go b/packages/sonataflow-operator/internal/controller/profiles/preview/states_preview_test.go
new file mode 100644
index 00000000000..27cb21f7874
--- /dev/null
+++ b/packages/sonataflow-operator/internal/controller/profiles/preview/states_preview_test.go
@@ -0,0 +1,55 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package preview
+import (
+ "testing"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/serverlessworkflow/sdk-go/v2/model"
+ "github.com/stretchr/testify/assert"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+func Test_deployWithBuildWorkflowState_isWorkflowChanged(t *testing.T) {
+ workflow1 := test.GetBaseSonataFlow(t.Name())
+ workflow2 := test.GetBaseSonataFlow(t.Name())
+ workflow1.Status.FlowCRC, _ = utils.Crc32Checksum(workflow1.Spec.Flow)
+ workflow2.Status.FlowCRC, _ = utils.Crc32Checksum(workflow2.Spec.Flow)
+ deployWithBuildWorkflowState := &deployWithBuildWorkflowState{
+ StateSupport: &common.StateSupport{C: test.NewSonataFlowClientBuilder().WithRuntimeObjects(workflow1).Build()},
+ }
+ hasChanged, err := deployWithBuildWorkflowState.isWorkflowChanged(workflow2)
+ assert.NoError(t, err)
+ assert.False(t, hasChanged)
+ // change workflow2
+ workflow2.Spec.Flow.Metadata = model.Metadata{
+ "string": model.Object{
+ StringValue: "test",
+ },
+ }
+ hasChanged, err = deployWithBuildWorkflowState.isWorkflowChanged(workflow2)
+ assert.NoError(t, err)
+ assert.True(t, hasChanged)
diff --git a/packages/sonataflow-operator/controllers/profiles/profile.go b/packages/sonataflow-operator/internal/controller/profiles/profile.go
similarity index 97%
rename from packages/sonataflow-operator/controllers/profiles/profile.go
rename to packages/sonataflow-operator/internal/controller/profiles/profile.go
index 5a88deca002..959f7152c38 100644
--- a/packages/sonataflow-operator/controllers/profiles/profile.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/profile.go
@@ -22,11 +22,12 @@ package profiles
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
ctrl "sigs.k8s.io/controller-runtime"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/workflowproj"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
@@ -76,3 +77,6 @@ type ReconciliationState interface {
// IsDevProfile is an alias for workflowproj.IsDevProfile
var IsDevProfile = workflowproj.IsDevProfile
+// IsGitOpsProfile is an alias for workflowproj.IsGitOpsProfile
+var IsGitOpsProfile = workflowproj.IsGitOpsProfile
diff --git a/packages/sonataflow-operator/controllers/profiles/profile_test.go b/packages/sonataflow-operator/internal/controller/profiles/profile_test.go
similarity index 70%
rename from packages/sonataflow-operator/controllers/profiles/profile_test.go
rename to packages/sonataflow-operator/internal/controller/profiles/profile_test.go
index f0ab293dc6a..59c8040d128 100644
--- a/packages/sonataflow-operator/controllers/profiles/profile_test.go
+++ b/packages/sonataflow-operator/internal/controller/profiles/profile_test.go
@@ -37,3 +37,17 @@ func Test_workflowIsDevProfile(t *testing.T) {
workflowWithProdProfile := test.GetBaseSonataFlowWithProdProfile(t.Name())
assert.False(t, IsDevProfile(workflowWithProdProfile))
+func Test_workflowGitOpsProfile(t *testing.T) {
+ workflowWithDevProfile := test.GetBaseSonataFlowWithDevProfile(t.Name())
+ assert.False(t, IsGitOpsProfile(workflowWithDevProfile))
+ workflowWithNoProfile := test.GetBaseSonataFlow(t.Name())
+ assert.False(t, IsGitOpsProfile(workflowWithNoProfile))
+ workflowWithProdProfile := test.GetBaseSonataFlowWithProdProfile(t.Name())
+ assert.False(t, IsGitOpsProfile(workflowWithProdProfile))
+ workflowWithGitopsProfile := test.GetBaseSonataFlowWithGitopsProfile(t.Name())
+ assert.True(t, IsGitOpsProfile(workflowWithGitopsProfile))
diff --git a/packages/sonataflow-operator/controllers/sonataflow_controller.go b/packages/sonataflow-operator/internal/controller/sonataflow_controller.go
similarity index 66%
rename from packages/sonataflow-operator/controllers/sonataflow_controller.go
rename to packages/sonataflow-operator/internal/controller/sonataflow_controller.go
index 5d8b37f6257..8167f42dfa1 100644
--- a/packages/sonataflow-operator/controllers/sonataflow_controller.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflow_controller.go
@@ -17,35 +17,47 @@
* under the License.
-package controllers
+package controller
import (
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ servingv1 "knative.dev/serving/pkg/apis/serving/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/monitoring"
- profiles "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/factory"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/metadata"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ profiles "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/factory"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
+ prometheus "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+ "sigs.k8s.io/controller-runtime/pkg/event"
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
// SonataFlowReconciler reconciles a SonataFlow object
@@ -59,6 +71,8 @@ type SonataFlowReconciler struct {
// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
@@ -89,6 +103,17 @@ func (r *SonataFlowReconciler) Reconcile(ctx context.Context, req ctrl.Request)
return ctrl.Result{}, err
+ r.setDefaults(workflow)
+ // If the workflow is being deleted, clean up the triggers on a different namespace
+ if workflow.DeletionTimestamp != nil && controllerutil.ContainsFinalizer(workflow, constants.TriggerFinalizer) {
+ err := r.cleanupTriggers(ctx, workflow)
+ if err != nil {
+ klog.V(log.E).ErrorS(err, "Failed to clean up triggers for workflow %s", workflow.Name)
+ return ctrl.Result{}, err
+ }
+ return ctrl.Result{}, nil
+ }
// Only process resources assigned to the operator
if !platform.IsOperatorHandlerConsideringLock(ctx, r.Client, req.Namespace, workflow) {
klog.V(log.I).InfoS("Ignoring request because resource is not assigned to current operator")
@@ -97,6 +122,39 @@ func (r *SonataFlowReconciler) Reconcile(ctx context.Context, req ctrl.Request)
return profiles.NewReconciler(r.Client, r.Config, r.Recorder, workflow).Reconcile(ctx, workflow)
+// TODO: move to webhook see https://github.com/apache/incubator-kie-tools/packages/sonataflow-operator/pull/239
+func (r *SonataFlowReconciler) setDefaults(workflow *operatorapi.SonataFlow) {
+ if workflow.Annotations == nil {
+ workflow.Annotations = map[string]string{}
+ }
+ profile := metadata.GetProfileOrDefault(workflow.Annotations)
+ workflow.Annotations[metadata.Profile] = string(profile)
+ if profile == metadata.DevProfile {
+ workflow.Spec.PodTemplate.DeploymentModel = operatorapi.KubernetesDeploymentModel
+ }
+func (r *SonataFlowReconciler) cleanupTriggers(ctx context.Context, workflow *operatorapi.SonataFlow) error {
+ for _, triggerRef := range workflow.Status.Triggers {
+ trigger := &eventingv1.Trigger{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: triggerRef.Name,
+ Namespace: triggerRef.Namespace,
+ },
+ }
+ if err := r.Client.Delete(ctx, trigger); err != nil && !errors.IsNotFound(err) {
+ return err
+ }
+ }
+ controllerutil.RemoveFinalizer(workflow, constants.TriggerFinalizer)
+ return r.Client.Update(ctx, workflow)
+// Delete implements a handler for the Delete event.
+func (r *SonataFlowReconciler) Delete(e event.DeleteEvent) error {
+ return nil
func platformEnqueueRequestsFromMapFunc(c client.Client, p *operatorapi.SonataFlowPlatform) []reconcile.Request {
var requests []reconcile.Request
@@ -165,7 +223,7 @@ func buildEnqueueRequestsFromMapFunc(c client.Client, b *operatorapi.SonataFlowB
// SetupWithManager sets up the controller with the Manager.
func (r *SonataFlowReconciler) SetupWithManager(mgr ctrl.Manager) error {
- return ctrl.NewControllerManagedBy(mgr).
+ builder := ctrl.NewControllerManagedBy(mgr).
@@ -186,6 +244,27 @@ func (r *SonataFlowReconciler) SetupWithManager(mgr ctrl.Manager) error {
return []reconcile.Request{}
return buildEnqueueRequestsFromMapFunc(mgr.GetClient(), build)
- })).
- Complete(r)
+ }))
+ knativeAvail, err := knative.GetKnativeAvailability(mgr.GetConfig())
+ if err != nil {
+ return err
+ }
+ if knativeAvail.Serving {
+ builder = builder.Owns(&servingv1.Service{})
+ }
+ if knativeAvail.Eventing {
+ builder = builder.Owns(&eventingv1.Trigger{}).
+ Owns(&sourcesv1.SinkBinding{}).
+ Watches(&eventingv1.Trigger{}, handler.EnqueueRequestsFromMapFunc(knative.MapTriggerToPlatformRequests))
+ }
+ promAvail, err := monitoring.GetPrometheusAvailability(mgr.GetConfig())
+ if err != nil {
+ return err
+ }
+ if promAvail {
+ builder = builder.Owns(&prometheus.ServiceMonitor{})
+ }
+ return builder.Complete(r)
diff --git a/packages/sonataflow-operator/controllers/sonataflow_controller_test.go b/packages/sonataflow-operator/internal/controller/sonataflow_controller_test.go
similarity index 94%
rename from packages/sonataflow-operator/controllers/sonataflow_controller_test.go
rename to packages/sonataflow-operator/internal/controller/sonataflow_controller_test.go
index 855c120e01a..743818847e2 100644
--- a/packages/sonataflow-operator/controllers/sonataflow_controller_test.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflow_controller_test.go
@@ -17,7 +17,7 @@
* under the License.
-package controllers
+package controller
import (
@@ -80,5 +80,8 @@ func TestSonataFlowController(t *testing.T) {
assert.True(t, ksw.Spec.Flow.Start.StateName == "ChooseOnLanguage")
assert.True(t, len(ksw.Spec.Flow.States) == 4)
+ assert.Equal(t, ksp.Name, afterReconcileWorkflow.Status.Platform.Name)
+ assert.Equal(t, ksp.Namespace, afterReconcileWorkflow.Status.Platform.Namespace)
diff --git a/packages/sonataflow-operator/controllers/sonataflowbuild_controller.go b/packages/sonataflow-operator/internal/controller/sonataflowbuild_controller.go
similarity index 98%
rename from packages/sonataflow-operator/controllers/sonataflowbuild_controller.go
rename to packages/sonataflow-operator/internal/controller/sonataflowbuild_controller.go
index 1ccfeeb1997..9991f658e38 100644
--- a/packages/sonataflow-operator/controllers/sonataflowbuild_controller.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflowbuild_controller.go
@@ -17,7 +17,7 @@
* under the License.
-package controllers
+package controller
import (
@@ -25,10 +25,11 @@ import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/workflows"
- kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/workflows"
+ kubeutil "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils/kubernetes"
buildv1 "github.com/openshift/api/build/v1"
imgv1 "github.com/openshift/api/image/v1"
corev1 "k8s.io/api/core/v1"
@@ -42,7 +43,7 @@ import (
operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/builder"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/builder"
diff --git a/packages/sonataflow-operator/controllers/sonataflowbuild_controller_test.go b/packages/sonataflow-operator/internal/controller/sonataflowbuild_controller_test.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/sonataflowbuild_controller_test.go
rename to packages/sonataflow-operator/internal/controller/sonataflowbuild_controller_test.go
index ad2753d2103..28e52822130 100644
--- a/packages/sonataflow-operator/controllers/sonataflowbuild_controller_test.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflowbuild_controller_test.go
@@ -17,7 +17,7 @@
* under the License.
-package controllers
+package controller
import (
diff --git a/packages/sonataflow-operator/controllers/sonataflowclusterplatform_controller.go b/packages/sonataflow-operator/internal/controller/sonataflowclusterplatform_controller.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/sonataflowclusterplatform_controller.go
rename to packages/sonataflow-operator/internal/controller/sonataflowclusterplatform_controller.go
index cea6386d203..242c720f131 100644
--- a/packages/sonataflow-operator/controllers/sonataflowclusterplatform_controller.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflowclusterplatform_controller.go
@@ -13,18 +13,13 @@
// specific language governing permissions and limitations
// under the License.
-package controllers
+package controller
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- clientr "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/clusterplatform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
corev1 "k8s.io/api/core/v1"
@@ -37,6 +32,12 @@ import (
ctrl "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ clientr "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/clusterplatform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
// SonataFlowClusterPlatformReconciler reconciles a SonataFlowClusterPlatform object
@@ -134,7 +135,7 @@ func (r *SonataFlowClusterPlatformReconciler) SetupWithManager(mgr ctrlrun.Manag
// if actively referenced sonataflowplatform object is changed, reconcile the active SonataFlowClusterPlatform.
func (r *SonataFlowClusterPlatformReconciler) mapPlatformToClusterPlatformRequests(ctx context.Context, object client.Object) []reconcile.Request {
- sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx, r.Client)
+ sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx)
if err != nil && !errors.IsNotFound(err) {
klog.V(log.E).ErrorS(err, "Failed to get active SonataFlowClusterPlatform")
return nil
diff --git a/packages/sonataflow-operator/controllers/sonataflowplatform_controller.go b/packages/sonataflow-operator/internal/controller/sonataflowplatform_controller.go
similarity index 75%
rename from packages/sonataflow-operator/controllers/sonataflowplatform_controller.go
rename to packages/sonataflow-operator/internal/controller/sonataflowplatform_controller.go
index 7ec752561f5..1a87f072cd9 100644
--- a/packages/sonataflow-operator/controllers/sonataflowplatform_controller.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflowplatform_controller.go
@@ -17,33 +17,43 @@
* under the License.
-package controllers
+package controller
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- clientr "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/clusterplatform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/knative"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/monitoring"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
ctrlrun "sigs.k8s.io/controller-runtime"
ctrl "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ clientr "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/container-builder/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/clusterplatform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/log"
// SonataFlowPlatformReconciler reconciles a SonataFlowPlatform object
@@ -114,10 +124,30 @@ func (r *SonataFlowPlatformReconciler) Reconcile(ctx context.Context, req reconc
target := instance.DeepCopy()
- if err = r.SonataFlowPlatformUpdateStatus(ctx, req, target); err != nil {
+ if err = r.updateIfActiveClusterPlatformExists(ctx, req, target); err != nil {
return reconcile.Result{}, err
+ // If the platform is being deleted, clean up the triggers on a different namespace
+ if instance.DeletionTimestamp != nil && controllerutil.ContainsFinalizer(&instance, constants.TriggerFinalizer) {
+ err := r.cleanupTriggers(ctx, &instance)
+ if err != nil {
+ klog.V(log.E).ErrorS(err, "Failed to clean up triggers for platform %s in namespace %s", instance.Name, instance.Namespace)
+ return reconcile.Result{}, err
+ }
+ return reconcile.Result{}, nil
+ }
+ if monitoring.IsMonitoringEnabled(&instance) {
+ monitoringAvail, err := monitoring.GetPrometheusAvailability(r.Config)
+ if err != nil {
+ return reconcile.Result{}, err
+ }
+ if !monitoringAvail {
+ r.Recorder.Event(&instance, corev1.EventTypeWarning, "PrometheusNotAvailable", fmt.Sprintf("Monitoring is enabled in platform %s, but Prometheus is not installed", instance.Name))
+ }
+ }
for _, a := range actions {
cli, _ := clientr.FromCtrlClientSchemeAndConfig(r.Client, r.Scheme, r.Config)
@@ -126,11 +156,14 @@ func (r *SonataFlowPlatformReconciler) Reconcile(ctx context.Context, req reconc
klog.V(log.I).InfoS("Invoking action", "Name", a.Name())
- target, err = a.Handle(ctx, target)
+ target, event, err := a.Handle(ctx, target)
+ if event != nil {
+ r.Recorder.Event(&instance, event.Type, event.Reason, event.Message)
+ }
if err != nil {
if target != nil {
target.Status.Manager().MarkFalse(api.SucceedConditionType, operatorapi.PlatformFailureReason, err.Error())
- if err := r.Client.Status().Patch(ctx, target, ctrl.MergeFrom(&instance)); err != nil {
+ if err = platform.SafeUpdatePlatformStatus(ctx, target); err != nil {
return reconcile.Result{}, err
@@ -140,14 +173,12 @@ func (r *SonataFlowPlatformReconciler) Reconcile(ctx context.Context, req reconc
if target != nil {
target.Status.ObservedGeneration = instance.Generation
- if err := r.Client.Status().Patch(ctx, target, ctrl.MergeFrom(&instance)); err != nil {
- r.Recorder.Event(&instance, corev1.EventTypeNormal, "Status Updated", fmt.Sprintf("Updated platform condition %s", instance.Status.GetTopLevelCondition()))
+ if err = platform.SafeUpdatePlatform(ctx, target); err != nil {
return reconcile.Result{}, err
- if err := r.Client.Update(ctx, target); err != nil {
- r.Recorder.Event(&instance, corev1.EventTypeNormal, "Spec Updated", fmt.Sprintf("Updated platform condition to %s", instance.Status.GetTopLevelCondition()))
+ err = platform.SafeUpdatePlatformStatus(ctx, target)
+ if err != nil {
return reconcile.Result{}, err
@@ -170,10 +201,26 @@ func (r *SonataFlowPlatformReconciler) Reconcile(ctx context.Context, req reconc
-// If an active cluster platform exists, update platform.Status accordingly
-func (r *SonataFlowPlatformReconciler) SonataFlowPlatformUpdateStatus(ctx context.Context, req reconcile.Request, target *operatorapi.SonataFlowPlatform) error {
+func (r *SonataFlowPlatformReconciler) cleanupTriggers(ctx context.Context, platform *operatorapi.SonataFlowPlatform) error {
+ for _, triggerRef := range platform.Status.Triggers {
+ trigger := &eventingv1.Trigger{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: triggerRef.Name,
+ Namespace: triggerRef.Namespace,
+ },
+ }
+ if err := r.Client.Delete(ctx, trigger); err != nil && !errors.IsNotFound(err) {
+ return err
+ }
+ }
+ controllerutil.RemoveFinalizer(platform, constants.TriggerFinalizer)
+ return r.Client.Update(ctx, platform)
+// sonataFlowPlatformUpdateStatus If an active cluster platform exists, update platform.Status accordingly
+func (r *SonataFlowPlatformReconciler) updateIfActiveClusterPlatformExists(ctx context.Context, req reconcile.Request, target *operatorapi.SonataFlowPlatform) error {
// Fetch the active SonataFlowClusterPlatform instance
- sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx, r.Client)
+ sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx)
if err != nil && !errors.IsNotFound(err) {
klog.V(log.E).ErrorS(err, "Failed to get active SonataFlowClusterPlatform")
return err
@@ -219,14 +266,24 @@ func (r *SonataFlowPlatformReconciler) SonataFlowPlatformUpdateStatus(ctx contex
// SetupWithManager sets up the controller with the Manager.
func (r *SonataFlowPlatformReconciler) SetupWithManager(mgr ctrlrun.Manager) error {
- return ctrlrun.NewControllerManagedBy(mgr).
+ builder := ctrlrun.NewControllerManagedBy(mgr).
Watches(&operatorapi.SonataFlowPlatform{}, handler.EnqueueRequestsFromMapFunc(r.mapPlatformToPlatformRequests)).
- Watches(&operatorapi.SonataFlowClusterPlatform{}, handler.EnqueueRequestsFromMapFunc(r.mapClusterPlatformToPlatformRequests)).
- Complete(r)
+ Watches(&operatorapi.SonataFlowClusterPlatform{}, handler.EnqueueRequestsFromMapFunc(r.mapClusterPlatformToPlatformRequests))
+ knativeAvail, err := knative.GetKnativeAvailability(mgr.GetConfig())
+ if err != nil {
+ return err
+ }
+ if knativeAvail.Eventing {
+ builder = builder.Owns(&eventingv1.Trigger{}).
+ Owns(&sourcesv1.SinkBinding{}).
+ Watches(&eventingv1.Trigger{}, handler.EnqueueRequestsFromMapFunc(knative.MapTriggerToPlatformRequests))
+ }
+ return builder.Complete(r)
// if active clusterplatform object is changed, reconcile all SonataFlowPlatforms in the cluster.
@@ -241,7 +298,7 @@ func (r *SonataFlowPlatformReconciler) mapClusterPlatformToPlatformRequests(ctx
// if actively referenced sonataflowplatform is changed, reconcile other SonataFlowPlatforms in the cluster.
func (r *SonataFlowPlatformReconciler) mapPlatformToPlatformRequests(ctx context.Context, object client.Object) []reconcile.Request {
platform := object.(*operatorapi.SonataFlowPlatform)
- sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx, r.Client)
+ sfcPlatform, err := clusterplatform.GetActiveClusterPlatform(ctx)
if err != nil && !errors.IsNotFound(err) {
klog.V(log.E).ErrorS(err, "Failed to get active SonataFlowClusterPlatform")
return nil
diff --git a/packages/sonataflow-operator/controllers/sonataflowplatform_controller_test.go b/packages/sonataflow-operator/internal/controller/sonataflowplatform_controller_test.go
similarity index 74%
rename from packages/sonataflow-operator/controllers/sonataflowplatform_controller_test.go
rename to packages/sonataflow-operator/internal/controller/sonataflowplatform_controller_test.go
index acc0aeba9f2..925d84a98f4 100644
--- a/packages/sonataflow-operator/controllers/sonataflowplatform_controller_test.go
+++ b/packages/sonataflow-operator/internal/controller/sonataflowplatform_controller_test.go
@@ -17,24 +17,31 @@
* under the License.
-package controllers
+package controller
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/clusterplatform"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/platform/services"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/profiles/common/constants"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
+ eventingv1 "knative.dev/eventing/pkg/apis/eventing/v1"
+ sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+ duckv1 "knative.dev/pkg/apis/duck/v1"
+ "knative.dev/pkg/kmeta"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/clusterplatform"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/platform/services"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/profiles/common/constants"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/test"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
var (
@@ -56,6 +63,7 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a fake client to mock API calls.
cl := test.NewSonataFlowClientBuilder().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -88,11 +96,12 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a SonataFlowPlatform object with metadata and spec.
ksp := test.GetBasePlatformInReadyPhase(namespace)
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{},
+ DataIndex: &v1alpha08.DataIndexServiceSpec{},
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -167,20 +176,25 @@ func TestSonataFlowPlatformController(t *testing.T) {
ksp := test.GetBasePlatformInReadyPhase(namespace)
var replicas int32 = 2
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{
- PodTemplate: v1alpha08.PodTemplateSpec{
- Replicas: &replicas,
- Container: v1alpha08.ContainerSpec{
- Command: []string{"test:latest"},
+ DataIndex: &v1alpha08.DataIndexServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ PodTemplate: v1alpha08.PodTemplateSpec{
+ Replicas: &replicas,
+ Container: v1alpha08.ContainerSpec{
+ Command: []string{"test:latest"},
+ },
+ Source: nil,
- di := services.NewDataIndexHandler(ksp)
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
+ di := services.NewDataIndexHandler(ksp)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -260,8 +274,20 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Check with persistence set
ksp.Spec = v1alpha08.SonataFlowPlatformSpec{
Services: &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{},
- JobService: &v1alpha08.ServiceSpec{},
+ DataIndex: &v1alpha08.DataIndexServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ Persistence: &v1alpha08.PersistenceOptionsSpec{
+ MigrateDBOnStartUp: false,
+ },
+ },
+ },
+ JobService: &v1alpha08.JobServiceServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ Persistence: &v1alpha08.PersistenceOptionsSpec{
+ MigrateDBOnStartUp: false,
+ },
+ },
+ },
Persistence: &v1alpha08.PlatformPersistenceOptionsSpec{
PostgreSQL: &v1alpha08.PlatformPersistencePostgreSQL{
@@ -277,6 +303,7 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -354,19 +381,23 @@ func TestSonataFlowPlatformController(t *testing.T) {
urlJS := "jdbc:postgresql://localhost:5432/database?currentSchema=job-service"
ksp.Spec = v1alpha08.SonataFlowPlatformSpec{
Services: &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{
- Persistence: &v1alpha08.PersistenceOptionsSpec{
- PostgreSQL: &v1alpha08.PersistencePostgreSQL{
- SecretRef: v1alpha08.PostgreSQLSecretOptions{Name: "dataIndex"},
- JdbcUrl: urlDI,
+ DataIndex: &v1alpha08.DataIndexServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ Persistence: &v1alpha08.PersistenceOptionsSpec{
+ PostgreSQL: &v1alpha08.PersistencePostgreSQL{
+ SecretRef: v1alpha08.PostgreSQLSecretOptions{Name: "dataIndex"},
+ JdbcUrl: urlDI,
+ },
- JobService: &v1alpha08.ServiceSpec{
- Persistence: &v1alpha08.PersistenceOptionsSpec{
- PostgreSQL: &v1alpha08.PersistencePostgreSQL{
- SecretRef: v1alpha08.PostgreSQLSecretOptions{Name: "job"},
- JdbcUrl: urlJS,
+ JobService: &v1alpha08.JobServiceServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ Persistence: &v1alpha08.PersistenceOptionsSpec{
+ PostgreSQL: &v1alpha08.PersistencePostgreSQL{
+ SecretRef: v1alpha08.PostgreSQLSecretOptions{Name: "job"},
+ JdbcUrl: urlJS,
+ },
@@ -381,6 +412,7 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -467,11 +499,12 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a SonataFlowPlatform object with metadata and spec.
ksp := test.GetBasePlatformInReadyPhase(namespace)
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- JobService: &v1alpha08.ServiceSpec{},
+ JobService: &v1alpha08.JobServiceServiceSpec{},
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -544,20 +577,22 @@ func TestSonataFlowPlatformController(t *testing.T) {
ksp := test.GetBasePlatformInReadyPhase(namespace)
var replicas int32 = 2
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- JobService: &v1alpha08.ServiceSpec{
- PodTemplate: v1alpha08.PodTemplateSpec{
- Replicas: &replicas,
- Container: v1alpha08.ContainerSpec{
- Command: []string{"test:latest"},
+ JobService: &v1alpha08.JobServiceServiceSpec{
+ ServiceSpec: v1alpha08.ServiceSpec{
+ PodTemplate: v1alpha08.PodTemplateSpec{
+ Replicas: &replicas,
+ Container: v1alpha08.ContainerSpec{
+ Command: []string{"test:latest"},
+ },
- js := services.NewJobServiceHandler(ksp)
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
+ js := services.NewJobServiceHandler(ksp)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -625,14 +660,15 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a SonataFlowPlatform object with metadata and spec.
ksp := test.GetBasePlatformInReadyPhase(namespace)
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{},
- JobService: &v1alpha08.ServiceSpec{},
+ DataIndex: &v1alpha08.DataIndexServiceSpec{},
+ JobService: &v1alpha08.JobServiceServiceSpec{},
- di := services.NewDataIndexHandler(ksp)
- js := services.NewJobServiceHandler(ksp)
// Create a fake client to mock API calls.
cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp).WithStatusSubresource(ksp).Build()
+ utils.SetClient(cl)
+ di := services.NewDataIndexHandler(ksp)
+ js := services.NewJobServiceHandler(ksp)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -693,14 +729,15 @@ func TestSonataFlowPlatformController(t *testing.T) {
// Create a SonataFlowPlatform object with metadata and spec.
ksp := test.GetBasePlatformInReadyPhase(namespace)
ksp.Spec.Services = &v1alpha08.ServicesPlatformSpec{
- DataIndex: &v1alpha08.ServiceSpec{},
- JobService: &v1alpha08.ServiceSpec{},
+ DataIndex: &v1alpha08.DataIndexServiceSpec{},
+ JobService: &v1alpha08.JobServiceServiceSpec{},
ksp2 := test.GetBasePlatformInReadyPhase(namespace)
ksp2.Name = "ksp2"
// Create a fake client to mock API calls.
cl := test.NewSonataFlowClientBuilder().WithRuntimeObjects(kscp, ksp, ksp2).WithStatusSubresource(kscp, ksp, ksp2).Build()
+ utils.SetClient(cl)
// Create a SonataFlowPlatformReconciler object with the scheme and fake client.
r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
@@ -827,4 +864,192 @@ func TestSonataFlowPlatformController(t *testing.T) {
assert.NotNil(t, ksp2.Status.ClusterPlatformRef)
assert.Nil(t, ksp2.Status.ClusterPlatformRef.Services)
+ t.Run("verify that knative resources creation for job service and data index service with platform level broker is performed without error", func(t *testing.T) {
+ namespace := t.Name()
+ // Create a SonataFlowPlatform object with metadata and spec.
+ ksp := test.GetBasePlatformWithBrokerInReadyPhase(namespace)
+ broker := test.GetDefaultBroker(namespace)
+ brokerName := broker.Name
+ // Create a fake client to mock API calls.
+ cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp, broker).WithStatusSubresource(ksp, broker).Build()
+ utils.SetClient(cl)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
+ // Create a SonataFlowPlatformReconciler object with the scheme and fake client.
+ r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
+ // Mock request to simulate Reconcile() being called on an event for a
+ // watched resource .
+ req := reconcile.Request{
+ NamespacedName: types.NamespacedName{
+ Name: ksp.Name,
+ Namespace: ksp.Namespace,
+ },
+ }
+ _, err := r.Reconcile(context.TODO(), req)
+ if err != nil && err.Error() != "waiting for K_SINK injection for service sonataflow-platform-jobs-service to complete" {
+ t.Fatalf("reconcile: (%v)", err)
+ }
+ assert.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: ksp.Name, Namespace: ksp.Namespace}, ksp))
+ // Perform some checks on the created CR
+ assert.Equal(t, "docker.io/apache", ksp.Spec.Build.Config.Registry.Address)
+ assert.Equal(t, "regcred", ksp.Spec.Build.Config.Registry.Secret)
+ assert.Equal(t, v1alpha08.OperatorBuildStrategy, ksp.Spec.Build.Config.BuildStrategy)
+ assert.NotNil(t, ksp.Spec.Eventing)
+ assert.NotNil(t, ksp.Spec.Eventing.Broker)
+ assert.NotNil(t, ksp.Spec.Eventing.Broker.Ref)
+ assert.Equal(t, ksp.Spec.Eventing.Broker.Ref.Name, brokerName)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex.Enabled)
+ assert.Equal(t, true, *ksp.Spec.Services.DataIndex.Enabled)
+ assert.NotNil(t, ksp.Spec.Services.JobService)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Enabled)
+ assert.Equal(t, true, *ksp.Spec.Services.JobService.Enabled)
+ assert.Equal(t, v1alpha08.PlatformClusterKubernetes, ksp.Status.Cluster)
+ assert.Equal(t, "", ksp.Status.GetTopLevelCondition().Reason)
+ // Check Triggers
+ trigger := &eventingv1.Trigger{}
+ validateTrigger(t, cl, "jobs-service-create-job-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "jobs-service-delete-job-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-jobs-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "jobs-service-create-job-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-definition-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-error-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-node-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-sla-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-state-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-variable-", ksp.Namespace, ksp, trigger)
+ // Check SinkBinding
+ sinkBinding := &sourcesv1.SinkBinding{}
+ assert.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: "sonataflow-platform-jobs-service-sb", Namespace: ksp.Namespace}, sinkBinding))
+ })
+ t.Run("verify that knative resources creation for job service and data index service with services level brokers is performed without error", func(t *testing.T) {
+ namespace := t.Name()
+ // Create a SonataFlowPlatform object with metadata and spec.
+ ksp := test.GetBasePlatformWithBrokerInReadyPhase(namespace)
+ brokerName := "default"
+ brokerNameDataIndexSource := "broker-di-source"
+ brokerNameJobsServiceSource := "broker-jobs-source"
+ brokerNameJobsServiceSink := "broker-jobs-sink"
+ broker := test.GetDefaultBroker(namespace)
+ brokerDataIndexSource := test.GetDefaultBroker(namespace)
+ brokerDataIndexSource.Name = brokerNameDataIndexSource
+ brokerJobsServiceSource := test.GetDefaultBroker(namespace)
+ brokerJobsServiceSource.Name = brokerNameJobsServiceSource
+ brokerJobsServiceSink := test.GetDefaultBroker(namespace)
+ brokerJobsServiceSink.Name = brokerNameJobsServiceSink
+ ksp.Spec.Services.DataIndex.Source = &duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: brokerNameDataIndexSource,
+ Namespace: namespace,
+ APIVersion: "eventing.knative.dev/v1",
+ Kind: "Broker",
+ },
+ }
+ ksp.Spec.Services.JobService.Sink = &duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: brokerNameJobsServiceSink,
+ Namespace: namespace,
+ APIVersion: "eventing.knative.dev/v1",
+ Kind: "Broker",
+ },
+ }
+ ksp.Spec.Services.JobService.Source = &duckv1.Destination{
+ Ref: &duckv1.KReference{
+ Name: brokerNameJobsServiceSource,
+ Namespace: namespace,
+ APIVersion: "eventing.knative.dev/v1",
+ Kind: "Broker",
+ },
+ }
+ // Create a fake client to mock API calls.
+ cl := test.NewKogitoClientBuilderWithOpenShift().WithRuntimeObjects(ksp, broker, brokerDataIndexSource, brokerJobsServiceSource, brokerJobsServiceSink).WithStatusSubresource(ksp, broker, brokerDataIndexSource, brokerJobsServiceSource, brokerJobsServiceSink).Build()
+ utils.SetClient(cl)
+ utils.SetDiscoveryClient(test.CreateFakeKnativeAndMonitoringDiscoveryClient())
+ // Create a SonataFlowPlatformReconciler object with the scheme and fake client.
+ r := &SonataFlowPlatformReconciler{cl, cl, cl.Scheme(), &rest.Config{}, &record.FakeRecorder{}}
+ // Mock request to simulate Reconcile() being called on an event for a
+ // watched resource .
+ req := reconcile.Request{
+ NamespacedName: types.NamespacedName{
+ Name: ksp.Name,
+ Namespace: ksp.Namespace,
+ },
+ }
+ _, err := r.Reconcile(context.TODO(), req)
+ if err != nil && err.Error() != "waiting for K_SINK injection for service sonataflow-platform-jobs-service to complete" {
+ t.Fatalf("reconcile: (%v)", err)
+ }
+ assert.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: ksp.Name, Namespace: ksp.Namespace}, ksp))
+ // Perform some checks on the created CR
+ assert.Equal(t, "docker.io/apache", ksp.Spec.Build.Config.Registry.Address)
+ assert.Equal(t, "regcred", ksp.Spec.Build.Config.Registry.Secret)
+ assert.Equal(t, v1alpha08.OperatorBuildStrategy, ksp.Spec.Build.Config.BuildStrategy)
+ assert.NotNil(t, ksp.Spec.Eventing)
+ assert.NotNil(t, ksp.Spec.Eventing.Broker)
+ assert.NotNil(t, ksp.Spec.Eventing.Broker.Ref)
+ assert.Equal(t, ksp.Spec.Eventing.Broker.Ref.Name, brokerName)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex.Enabled)
+ assert.Equal(t, true, *ksp.Spec.Services.DataIndex.Enabled)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex.Source)
+ assert.NotNil(t, ksp.Spec.Services.DataIndex.Source.Ref)
+ assert.Equal(t, ksp.Spec.Services.DataIndex.Source.Ref.Name, brokerNameDataIndexSource)
+ assert.NotNil(t, ksp.Spec.Services.JobService)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Enabled)
+ assert.Equal(t, true, *ksp.Spec.Services.JobService.Enabled)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Source)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Source.Ref)
+ assert.Equal(t, ksp.Spec.Services.JobService.Source.Ref.Name, brokerNameJobsServiceSource)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Sink)
+ assert.NotNil(t, ksp.Spec.Services.JobService.Sink.Ref)
+ assert.Equal(t, ksp.Spec.Services.JobService.Sink.Ref.Name, brokerNameJobsServiceSink)
+ assert.Equal(t, v1alpha08.PlatformClusterKubernetes, ksp.Status.Cluster)
+ assert.Equal(t, "", ksp.Status.GetTopLevelCondition().Reason)
+ // Check Triggers to have the service level source used
+ trigger := &eventingv1.Trigger{}
+ validateTrigger(t, cl, "jobs-service-create-job-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameJobsServiceSource)
+ validateTrigger(t, cl, "jobs-service-delete-job-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameJobsServiceSource)
+ validateTrigger(t, cl, "data-index-jobs-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "jobs-service-create-job-", ksp.Namespace, ksp, trigger)
+ validateTrigger(t, cl, "data-index-process-definition-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ validateTrigger(t, cl, "data-index-process-error-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ validateTrigger(t, cl, "data-index-process-node-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ validateTrigger(t, cl, "data-index-process-sla-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ validateTrigger(t, cl, "data-index-process-state-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ validateTrigger(t, cl, "data-index-process-variable-", ksp.Namespace, ksp, trigger)
+ assert.Equal(t, trigger.Spec.Broker, brokerNameDataIndexSource)
+ // Check SinkBinding to have the sink level source used
+ sinkBinding := &sourcesv1.SinkBinding{}
+ assert.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: "sonataflow-platform-jobs-service-sb", Namespace: ksp.Namespace}, sinkBinding))
+ assert.NotNil(t, sinkBinding.Spec.Sink)
+ assert.NotNil(t, sinkBinding.Spec.Sink.Ref)
+ assert.Equal(t, sinkBinding.Spec.Sink.Ref.Name, brokerNameJobsServiceSink)
+ })
+func validateTrigger(t *testing.T, cl client.WithWatch, prefix string, namespace string, ksp *v1alpha08.SonataFlowPlatform, trigger *eventingv1.Trigger) {
+ assert.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: kmeta.ChildName(prefix, string(ksp.GetUID())), Namespace: namespace}, trigger))
diff --git a/packages/sonataflow-operator/controllers/suite_test.go b/packages/sonataflow-operator/internal/controller/suite_test.go
similarity index 95%
rename from packages/sonataflow-operator/controllers/suite_test.go
rename to packages/sonataflow-operator/internal/controller/suite_test.go
index 4bfcb97ffb0..48e7bcde8bb 100644
--- a/packages/sonataflow-operator/controllers/suite_test.go
+++ b/packages/sonataflow-operator/internal/controller/suite_test.go
@@ -17,7 +17,7 @@
* under the License.
-package controllers
+package controller
import (
@@ -50,7 +50,7 @@ func TestAPIs(t *testing.T) {
var _ = BeforeSuite(func() {
By("bootstrapping test environment")
testEnv = &envtest.Environment{
- CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
+ CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")},
ErrorIfCRDPathMissing: true,
diff --git a/packages/sonataflow-operator/controllers/workflowdef/configmap.go b/packages/sonataflow-operator/internal/controller/workflowdef/configmap.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/workflowdef/configmap.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/configmap.go
diff --git a/packages/sonataflow-operator/controllers/workflowdef/image.go b/packages/sonataflow-operator/internal/controller/workflowdef/image.go
similarity index 92%
rename from packages/sonataflow-operator/controllers/workflowdef/image.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/image.go
index e182cd380a3..696425ff08e 100644
--- a/packages/sonataflow-operator/controllers/workflowdef/image.go
+++ b/packages/sonataflow-operator/internal/controller/workflowdef/image.go
@@ -22,19 +22,18 @@ package workflowdef
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/controllers/cfg"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/utils"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/internal/controller/cfg"
const (
- latestImageTag = "latest"
defaultWorkflowDevModeImage = "docker.io/apache/incubator-kie-sonataflow-devmode"
defaultWorkflowBuilderImage = "docker.io/apache/incubator-kie-sonataflow-builder"
-// These image names and tags are auto-replaced using environment variables during install, don't touch.
// GetWorkflowAppImageNameTag returns the image name with tag to use for the image to be produced for a given workflow.
// Before, we generated the tags based on the workflow version annotation, however this produced the following undesired
// effects. Empirically, it was detected that, if we deploy a workflow several times, for instance, the workflow is deleted
@@ -48,7 +47,7 @@ const (
// not for "production" scenarios, we decided to use "latest" as the tag. In that way, we ensure that the last image
// produced bits will be used to execute a given workflow.
func GetWorkflowAppImageNameTag(w *v1alpha08.SonataFlow) string {
- return w.Name + ":" + latestImageTag
+ return w.Name + ":" + utils.LatestImageTag
func GetDefaultWorkflowDevModeImageTag() string {
@@ -66,5 +65,5 @@ func GetDefaultWorkflowBuilderImageTag() string {
func GetDefaultImageTag(imgTag string) string {
- return fmt.Sprintf("%s:%s", imgTag, version.GetTagVersion())
+ return fmt.Sprintf("%s:%s", imgTag, version.GetImageTagVersion())
diff --git a/packages/sonataflow-operator/controllers/workflowdef/json.go b/packages/sonataflow-operator/internal/controller/workflowdef/json.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/workflowdef/json.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/json.go
diff --git a/packages/sonataflow-operator/controllers/workflowdef/json_test.go b/packages/sonataflow-operator/internal/controller/workflowdef/json_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/workflowdef/json_test.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/json_test.go
diff --git a/packages/sonataflow-operator/controllers/workflowdef/services.go b/packages/sonataflow-operator/internal/controller/workflowdef/services.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/workflowdef/services.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/services.go
index 53b6b8f4147..e26457a0547 100644
--- a/packages/sonataflow-operator/controllers/workflowdef/services.go
+++ b/packages/sonataflow-operator/internal/controller/workflowdef/services.go
@@ -18,8 +18,9 @@
package workflowdef
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
cncfmodel "github.com/serverlessworkflow/sdk-go/v2/model"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
func ContainsEventKind(workflow *operatorapi.SonataFlow, eventKind cncfmodel.EventKind) bool {
diff --git a/packages/sonataflow-operator/controllers/workflowdef/utils.go b/packages/sonataflow-operator/internal/controller/workflowdef/utils.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/workflowdef/utils.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/utils.go
index 273d1107092..0618bdb2252 100644
--- a/packages/sonataflow-operator/controllers/workflowdef/utils.go
+++ b/packages/sonataflow-operator/internal/controller/workflowdef/utils.go
@@ -20,8 +20,9 @@
package workflowdef
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
// HasTimeouts returns true if current workflow has configured any of the SonataFlow supported timeouts, false
diff --git a/packages/sonataflow-operator/controllers/workflowdef/utils_suite_test.go b/packages/sonataflow-operator/internal/controller/workflowdef/utils_suite_test.go
similarity index 100%
rename from packages/sonataflow-operator/controllers/workflowdef/utils_suite_test.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/utils_suite_test.go
diff --git a/packages/sonataflow-operator/controllers/workflowdef/utils_test.go b/packages/sonataflow-operator/internal/controller/workflowdef/utils_test.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/workflowdef/utils_test.go
rename to packages/sonataflow-operator/internal/controller/workflowdef/utils_test.go
index c2a375a49e2..ae516464dc4 100644
--- a/packages/sonataflow-operator/controllers/workflowdef/utils_test.go
+++ b/packages/sonataflow-operator/internal/controller/workflowdef/utils_test.go
@@ -20,10 +20,11 @@
package workflowdef
import (
- operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
cncfmodel "github.com/serverlessworkflow/sdk-go/v2/model"
+ operatorapi "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
var (
diff --git a/packages/sonataflow-operator/controllers/workflows/workflows.go b/packages/sonataflow-operator/internal/controller/workflows/workflows.go
similarity index 99%
rename from packages/sonataflow-operator/controllers/workflows/workflows.go
rename to packages/sonataflow-operator/internal/controller/workflows/workflows.go
index ddc45af2282..7895b54cf29 100644
--- a/packages/sonataflow-operator/controllers/workflows/workflows.go
+++ b/packages/sonataflow-operator/internal/controller/workflows/workflows.go
@@ -20,10 +20,11 @@ package workflows
import (
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
- "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api"
+ "github.com/apache/incubator-kie-tools/packages/sonataflow-operator/api/v1alpha08"
var _ WorkflowManager = &workflowManager{}
diff --git a/packages/sonataflow-operator/operator.yaml b/packages/sonataflow-operator/operator.yaml
index f52d204b948..13ff0f24046 100644
--- a/packages/sonataflow-operator/operator.yaml
+++ b/packages/sonataflow-operator/operator.yaml
@@ -26,8 +26,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.16.4
name: sonataflowbuilds.sonataflow.org
group: sonataflow.org
@@ -56,14 +55,19 @@ spec:
build instances in the target platform
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
type: object
@@ -71,10 +75,11 @@ spec:
description: SonataFlowBuildSpec define the desired state of th SonataFlowBuild.
- description: 'Arguments lists the command line arguments to send to
- the internal builder command. Depending on the build method you
- might set this attribute instead of BuildArgs. For example: ".spec.arguments=verbose=3".
- Please see the SonataFlow guides.'
+ description: |-
+ Arguments lists the command line arguments to send to the internal builder command.
+ Depending on the build method you might set this attribute instead of BuildArgs.
+ For example: ".spec.arguments=verbose=3".
+ Please see the SonataFlow guides.
type: string
type: array
@@ -89,15 +94,16 @@ spec:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's value. Cannot
@@ -110,9 +116,13 @@ spec:
description: The key to select.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap or its key
@@ -123,10 +133,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema the FieldPath is
@@ -141,10 +150,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required for volumes,
@@ -173,9 +181,13 @@ spec:
be a valid secret key.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret or its key must
@@ -201,15 +213,16 @@ spec:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
- description: 'Variable references $(VAR_NAME) are expanded using
- the previously defined environment variables in the container
- and any service environment variables. If a variable cannot
- be resolved, the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable exists or
- not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's value. Cannot
@@ -222,9 +235,13 @@ spec:
description: The key to select.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap or its key
@@ -235,10 +252,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod: supports metadata.name,
- metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP,
- status.podIP, status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema the FieldPath is
@@ -253,10 +269,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the container: only
- resources limits and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu, requests.memory
- and requests.ephemeral-storage) are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required for volumes,
@@ -285,9 +300,13 @@ spec:
be a valid secret key.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret or its key must
@@ -307,18 +326,28 @@ spec:
the builder
- description: "Claims lists the names of resources, defined in
- spec.resourceClaims, that are used by this container. \n This
- is an alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It can only be set
- for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable. It can only be set for containers.
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- description: Name must match the name of one entry in pod.spec.resourceClaims
- of the Pod where this field is used. It makes that resource
- available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
type: string
- name
@@ -334,8 +363,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute resources
- allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
@@ -344,18 +374,19 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of compute
- resources required. If Requests is omitted for a container,
- it defaults to Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the Timeout
- duration. If the Build deadline is exceeded, the Build context is
- canceled, and its phase set to BuildPhaseFailed.
+ description: |-
+ Timeout defines the Build maximum execution duration.
+ The Build deadline is set to the Build start time plus the Timeout duration.
+ If the Build deadline is exceeded, the Build context is canceled,
+ and its phase set to BuildPhaseFailed.
format: duration
type: string
type: object
@@ -387,8 +418,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.16.4
name: sonataflowclusterplatforms.sonataflow.org
group: sonataflow.org
@@ -419,14 +449,19 @@ spec:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
type: object
@@ -515,8 +550,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
- controller-gen.kubebuilder.io/version: v0.9.2
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.16.4
name: sonataflowplatforms.sonataflow.org
group: sonataflow.org
@@ -548,14 +582,19 @@ spec:
- description: "APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
- description: "Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
type: object
@@ -571,9 +610,9 @@ spec:
- description: a base image that can be used as base layer for
- all images. It can be useful if you want to provide some
- custom base image with further utility software
+ description: |-
+ a base image that can be used as base layer for all images.
+ It can be useful if you want to provide some custom base image with further utility software
type: string
description: Registry the registry where to publish the built
@@ -598,16 +637,17 @@ spec:
type: string
type: object
- description: BuildStrategy to use to build workflows in the
- platform. Usually, the operator elect the strategy based
- on the platform. Note that this field might be read only
- in certain scenarios.
+ description: |-
+ BuildStrategy to use to build workflows in the platform.
+ Usually, the operator elect the strategy based on the platform.
+ Note that this field might be read only in certain scenarios.
type: string
type: string
- description: BuildStrategyOptions additional options to add
- to the build strategy. See https://sonataflow.org/serverlessworkflow/main/cloud/operator/build-and-deploy-workflows.html
+ description: |-
+ BuildStrategyOptions additional options to add to the build strategy.
+ See https://sonataflow.org/serverlessworkflow/main/cloud/operator/build-and-deploy-workflows.html
type: object
description: how much time to wait before time out the build
@@ -619,11 +659,11 @@ spec:
Base for the internal SonataFlowBuild resource.
- description: 'Arguments lists the command line arguments to
- send to the internal builder command. Depending on the build
- method you might set this attribute instead of BuildArgs.
- For example: ".spec.arguments=verbose=3". Please see the
- SonataFlow guides.'
+ description: |-
+ Arguments lists the command line arguments to send to the internal builder command.
+ Depending on the build method you might set this attribute instead of BuildArgs.
+ For example: ".spec.arguments=verbose=3".
+ Please see the SonataFlow guides.
type: string
type: array
@@ -639,16 +679,16 @@ spec:
type: string
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's value.
@@ -661,10 +701,13 @@ spec:
description: The key to select.
type: string
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap or
@@ -675,11 +718,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema the FieldPath
@@ -694,11 +735,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required for volumes,
@@ -728,10 +767,13 @@ spec:
from. Must be a valid secret key.
type: string
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret or its
@@ -758,16 +800,16 @@ spec:
type: string
- description: 'Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables
- in the container and any service environment variables.
- If a variable cannot be resolved, the reference in
- the input string will be unchanged. Double $$ are
- reduced to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
- the string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether the
- variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's value.
@@ -780,10 +822,13 @@ spec:
description: The key to select.
type: string
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap or
@@ -794,11 +839,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod: supports
- metadata.name, metadata.namespace, `metadata.labels['']`,
- `metadata.annotations['']`, spec.nodeName,
- spec.serviceAccountName, status.hostIP, status.podIP,
- status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema the FieldPath
@@ -813,11 +856,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the container:
- only resources limits and requests (limits.cpu,
- limits.memory, limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required for volumes,
@@ -847,10 +888,13 @@ spec:
from. Must be a valid secret key.
type: string
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret or its
@@ -870,20 +914,29 @@ spec:
for the builder
- description: "Claims lists the names of resources, defined
- in spec.resourceClaims, that are used by this container.
- \n This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate. \n This field
- is immutable. It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable. It can only be set for containers.
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
- description: Name must match the name of one entry
- in pod.spec.resourceClaims of the Pod where this
- field is used. It makes that resource available
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
inside a container.
type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
- name
type: object
@@ -898,8 +951,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount of compute
- resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
@@ -908,18 +962,19 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount of
- compute resources required. If Requests is omitted for
- a container, it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined value.
- Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
- description: Timeout defines the Build maximum execution duration.
- The Build deadline is set to the Build start time plus the
- Timeout duration. If the Build deadline is exceeded, the
- Build context is canceled, and its phase set to BuildPhaseFailed.
+ description: |-
+ Timeout defines the Build maximum execution duration.
+ The Build deadline is set to the Build start time plus the Timeout duration.
+ If the Build deadline is exceeded, the Build context is canceled,
+ and its phase set to BuildPhaseFailed.
format: duration
type: string
type: object
@@ -933,11 +988,85 @@ spec:
of the operator's default.
type: string
type: object
+ eventing:
+ description: Eventing describes the information required for Knative
+ Eventing integration in the platform.
+ properties:
+ broker:
+ description: Broker to communicate with workflow deployment. It
+ can be the default broker when the workflow, Dataindex, or Jobservice
+ does not have a sink or source specified.
+ properties:
+ CACerts:
+ description: |-
+ CACerts are Certification Authority (CA) certificates in PEM format
+ according to https://www.rfc-editor.org/rfc/rfc7468.
+ If set, these CAs are appended to the set of CAs provided
+ by the Addressable target, if any.
+ type: string
+ audience:
+ description: |-
+ Audience is the OIDC audience.
+ This need only be set, if the target is not an Addressable
+ and thus the Audience can't be received from the Addressable itself.
+ In case the Addressable specifies an Audience too, the Destinations
+ Audience takes preference.
+ type: string
+ ref:
+ description: Ref points to an Addressable.
+ properties:
+ address:
+ description: Address points to a specific Address Name.
+ type: string
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ group:
+ description: |-
+ Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup.
+ Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086
+ type: string
+ kind:
+ description: |-
+ Kind of the referent.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ namespace:
+ description: |-
+ Namespace of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+ This is optional field, it gets defaulted to the object holding it if left out.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ uri:
+ description: URI can be an absolute URL(non-empty scheme and
+ non-empty host) pointing to the target or a relative URI.
+ Relative URIs will be resolved using the base URI retrieved
+ from Ref.
+ type: string
+ type: object
+ type: object
+ monitoring:
+ description: Settings for Prometheus monitoring
+ properties:
+ enabled:
+ description: Enabled indicates whether monitoring with Prometheus
+ metrics is enabled
+ type: boolean
+ type: object
- description: Persistence defines the platform persistence configuration.
- When this field is set, the configuration is used as the persistence
- for platform services and SonataFlow instances that don't provide
- one of their own.
+ description: |-
+ Persistence defines the platform persistence configuration. When this field is set,
+ the configuration is used as the persistence for platform services and SonataFlow instances
+ that don't provide one of their own.
maxProperties: 1
@@ -946,7 +1075,8 @@ spec:
minProperties: 2
- description: PostgreSql JDBC URL. Mutually exclusive to serviceRef.
+ description: |-
+ PostgreSql JDBC URL. Mutually exclusive to serviceRef.
e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
type: string
@@ -991,20 +1121,20 @@ spec:
type: object
type: object
- description: "Properties defines the property set for a given actor
- in the current context. For example, the workflow managed properties.
- One can define here a set of properties for SonataFlow deployments
- that will be reused across every workflow deployment. \n These properties
- MAY NOT be propagated to a SonataFlowClusterPlatform since PropertyVarSource
- can only refer local context sources."
+ description: |-
+ Properties defines the property set for a given actor in the current context.
+ For example, the workflow managed properties. One can define here a set of properties for SonataFlow deployments
+ that will be reused across every workflow deployment.
+ These properties MAY NOT be propagated to a SonataFlowClusterPlatform since PropertyVarSource can only refer local context sources.
description: Properties that will be added to the SonataFlow managed
configMaps in the current context.
- description: PropertyVar is the entry for a property set derived
- from the Kubernetes API EnvVar. Note that the name doesn't
- have to match C_IDENTIFIER.
+ description: |-
+ PropertyVar is the entry for a property set derived from the Kubernetes API EnvVar.
+ Note that the name doesn't have to match C_IDENTIFIER.
description: The property name
@@ -1023,10 +1153,13 @@ spec:
description: The key to select.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap or its
@@ -1045,10 +1178,13 @@ spec:
be a valid secret key.
type: string
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret or its key
@@ -1065,11 +1201,10 @@ spec:
type: array
type: object
- description: "Services attributes for deploying supporting applications
- like Data Index & Job Service. Only workflows without the `sonataflow.org/profile:
- dev` annotation will be configured to use these service(s). Setting
- this will override the use of any cluster-scoped services that might
- be defined via `SonataFlowClusterPlatform`."
+ description: |-
+ Services attributes for deploying supporting applications like Data Index & Job Service.
+ Only workflows without the `sonataflow.org/profile: dev` annotation will be configured to use these service(s).
+ Setting this will override the use of any cluster-scoped services that might be defined via `SonataFlowClusterPlatform`.
description: "Deploys the Data Index service for use by workflows
@@ -1082,8 +1217,11 @@ spec:
description: Persists service to a datasource of choice. Ephemeral
by default.
- maxProperties: 1
+ maxProperties: 2
+ migrateDBOnStartUp:
+ description: Whether to migrate database on service startup?
+ type: boolean
description: Connect configured services to a postgresql
@@ -1091,8 +1229,9 @@ spec:
minProperties: 2
- description: PostgreSql JDBC URL. Mutually exclusive
- to serviceRef. e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
+ description: |-
+ PostgreSql JDBC URL. Mutually exclusive to serviceRef.
+ e.g. "jdbc:postgresql://host:port/database?currentSchema=data-index-service"
type: string
description: Secret reference to the database user
@@ -1146,10 +1285,10 @@ spec:
of this platform service instance.
- description: Optional duration in seconds the pod may
- be active on the node relative to StartTime before the
- system will actively try to mark it failed and kill
- associated containers. Value must be a positive integer.
+ description: |-
+ Optional duration in seconds the pod may be active on the node relative to
+ StartTime before the system will actively try to mark it failed and kill associated containers.
+ Value must be a positive integer.
format: int64
type: integer
@@ -1160,24 +1299,20 @@ spec:
for the pod.
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node matches
- the corresponding matchExpressions; the node(s)
- with the highest sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
- description: An empty preferred scheduling term
- matches all objects with implicit weight 0
- (i.e. it's a no-op). A null preferred scheduling
- term matches no objects (i.e. is also a no-op).
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
description: A node selector term, associated
@@ -1187,84 +1322,70 @@ spec:
description: A list of node selector
requirements by node's labels.
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
description: The label key that
the selector applies to.
type: string
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
description: A list of node selector
requirements by node's fields.
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
description: The label key that
the selector applies to.
type: string
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
@@ -1278,110 +1399,96 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to an update), the system
- may or may not try to eventually evict the pod
- from its node.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
description: Required. A list of node selector
terms. The terms are ORed.
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
description: A list of node selector
requirements by node's labels.
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
description: The label key that
the selector applies to.
type: string
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
description: A list of node selector
requirements by node's fields.
- description: A node selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
description: The label key that
the selector applies to.
type: string
- description: Represents a key's
- relationship to a set of values.
- Valid operators are In, NotIn,
- Exists, DoesNotExist. Gt, and
- Lt.
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
- description: An array of string
- values. If the operator is In
- or NotIn, the values array must
- be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- If the operator is Gt or Lt,
- the values array must have a
- single element, which will be
- interpreted as an integer. This
- array is replaced during a strategic
- merge patch.
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
+ x-kubernetes-list-type: atomic
- nodeSelectorTerms
type: object
@@ -1393,20 +1500,16 @@ spec:
etc. as some other pod(s)).
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the affinity expressions
- specified by this field, but it may choose a
- node that violates one or more of the expressions.
- The node that is most preferred is the one with
- the greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum by
- iterating through the elements of this field
- and adding "weight" to the sum if the node has
- pods which matches the corresponding podAffinityTerm;
- the node(s) with the highest sum are the most
- preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
description: The weights of all of the matched
WeightedPodAffinityTerm fields are added per-node
@@ -1417,19 +1520,18 @@ spec:
associated with the corresponding weight.
- description: A label query over a set
- of resources, in this case pods.
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
description: matchExpressions is
a list of label selector requirements.
The requirements are ANDed.
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1437,67 +1539,82 @@ spec:
type: string
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
description: matchExpressions is
a list of label selector requirements.
The requirements are ANDed.
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1505,77 +1622,61 @@ spec:
type: string
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
- topologyKey
type: object
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
@@ -1583,41 +1684,38 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: If the affinity requirements specified
- by this field are not met at scheduling time,
- the pod will not be scheduled onto the node.
- If the affinity requirements specified by this
- field cease to be met at some point during pod
- execution (e.g. due to a pod label update),
- the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
- description: A label query over a set of
- resources, in this case pods.
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1625,61 +1723,82 @@ spec:
type: string
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1687,68 +1806,59 @@ spec:
type: string
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
description: Describes pod anti-affinity scheduling
@@ -1756,20 +1866,16 @@ spec:
zone, etc. as some other pod(s)).
- description: The scheduler will prefer to schedule
- pods to nodes that satisfy the anti-affinity
- expressions specified by this field, but it
- may choose a node that violates one or more
- of the expressions. The node that is most preferred
- is the one with the greatest sum of weights,
- i.e. for each node that meets all of the scheduling
- requirements (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute a
- sum by iterating through the elements of this
- field and adding "weight" to the sum if the
- node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
description: The weights of all of the matched
WeightedPodAffinityTerm fields are added per-node
@@ -1780,19 +1886,18 @@ spec:
associated with the corresponding weight.
- description: A label query over a set
- of resources, in this case pods.
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
description: matchExpressions is
a list of label selector requirements.
The requirements are ANDed.
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1800,67 +1905,82 @@ spec:
type: string
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
description: matchExpressions is
a list of label selector requirements.
The requirements are ANDed.
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1868,77 +1988,61 @@ spec:
type: string
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
- topologyKey
type: object
- description: weight associated with matching
- the corresponding podAffinityTerm, in
- the range 1-100.
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
format: int32
type: integer
@@ -1946,41 +2050,38 @@ spec:
- weight
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto the
- node. If the anti-affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod label
- update), the system may or may not try to eventually
- evict the pod from its node. When there are
- multiple elements, the lists of nodes corresponding
- to each podAffinityTerm are intersected, i.e.
- all terms must be satisfied.
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
- description: Defines a set of pods (namely those
- matching the labelSelector relative to the
- given namespace(s)) that this pod should be
- co-located (affinity) or not co-located (anti-affinity)
- with, where co-located is defined as running
- on a node whose value of the label with key
- matches that of any node on
- which a pod of the set of pods is running
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
- description: A label query over a set of
- resources, in this case pods.
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -1988,61 +2089,82 @@ spec:
type: string
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
- description: A label query over the set
- of namespaces that the term applies to.
- The term is applied to the union of the
- namespaces selected by this field and
- the ones listed in the namespaces field.
- null selector and null or empty namespaces
- list means "this pod's namespace". An
- empty selector ({}) matches all namespaces.
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
description: matchExpressions is a list
of label selector requirements. The
requirements are ANDed.
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label
@@ -2050,68 +2172,59 @@ spec:
type: string
- description: operator represents
- a key's relationship to a set
- of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an array
- of string values. If the operator
- is In or NotIn, the values array
- must be non-empty. If the operator
- is Exists or DoesNotExist, the
- values array must be empty.
- This array is replaced during
- a strategic merge patch.
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map of
- {key,value} pairs. A single {key,value}
- in the matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are
- ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
- description: namespaces specifies a static
- list of namespace names that the term
- applies to. The term is applied to the
- union of the namespaces listed in this
- field and the ones selected by namespaceSelector.
- null or empty namespaces list and null
- namespaceSelector means "this pod's namespace".
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where co-located
- is defined as running on a node whose
- value of the label with key topologyKey
- matches that of any node on which any
- of the selected pods is running. Empty
- topologyKey is not allowed.
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
type: string
- topologyKey
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
@@ -2119,44 +2232,40 @@ spec:
a service account token should be automatically mounted.
type: boolean
- description: Container is the Kubernetes container where
- the application should run. One can change this attribute
- in order to override the defaults provided by the operator.
+ description: |-
+ Container is the Kubernetes container where the application should run.
+ One can change this attribute in order to override the defaults provided by the operator.
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved, the
- reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is used
- if this is not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double $$
- are reduced to a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped
- references will never be expanded, regardless of
- whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
- description: List of environment variables to set
- in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
description: EnvVar represents an environment variable
present in a Container.
@@ -2166,18 +2275,16 @@ spec:
type: string
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's
@@ -2190,10 +2297,13 @@ spec:
description: The key to select.
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the ConfigMap
@@ -2204,11 +2314,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema the
@@ -2224,11 +2332,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the
- container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage,
- requests.cpu, requests.memory and requests.ephemeral-storage)
- are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required
@@ -2261,10 +2367,13 @@ spec:
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the Secret
@@ -2280,14 +2389,13 @@ spec:
type: object
type: array
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will take
- precedence. Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -2296,10 +2404,13 @@ spec:
description: The ConfigMap to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap
@@ -2315,10 +2426,13 @@ spec:
description: The Secret to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret
@@ -2329,59 +2443,56 @@ spec:
type: object
type: array
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
- description: "Image pull policy. One of Always, Never,
- IfNotPresent. Defaults to Always if :latest tag
- is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
- description: Actions that the management system should
- take in response to container lifecycle events.
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
Cannot be updated.
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http request
to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -2391,11 +2502,9 @@ spec:
custom header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -2405,6 +2514,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -2413,25 +2523,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before being
+ terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to connect
@@ -2441,59 +2563,51 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
type: object
- description: "PreStop is called immediately before
- a container is terminated due to an API request
- or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop hook
- is executed. Regardless of the outcome of the
- handler, the container will eventually terminate
- within the Pod's termination grace period (unless
- delayed by finalizers). Other management of
- the container blocks until the hook completes
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command line
- to execute inside the container, the
- working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to explicitly
- call out to that shell. Exit status
- of 0 is treated as live/healthy and
- non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http request
to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -2503,11 +2617,9 @@ spec:
custom header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names
- will be understood as the same
- header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -2517,6 +2629,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -2525,25 +2638,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before being
+ terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There are
- no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to connect
@@ -2553,10 +2678,10 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
@@ -2564,32 +2689,31 @@ spec:
type: object
type: object
- description: "Periodic probe of container liveness.
+ description: |-
+ Periodic probe of container liveness.
Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -2602,11 +2726,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -2616,8 +2741,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -2628,10 +2753,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -2641,6 +2765,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP server.
type: string
@@ -2648,35 +2773,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -2691,58 +2816,53 @@ spec:
- type: integer
- type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying this
- array with strategic merge patch may corrupt the
- data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
description: ContainerPort represents a network
port in a single container.
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
@@ -2750,23 +2870,24 @@ spec:
port to.
type: string
- description: Number of port to expose on the
- host. If specified, this must be a valid port
- number, 0 < x < 65536. If HostNetwork is specified,
- this must match ContainerPort. Most containers
- do not need this.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
format: int32
type: integer
- description: If specified, this must be an IANA_SVC_NAME
- and unique within the pod. Each named port
- in a pod must have a unique name. Name for
- the port that can be referred to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- containerPort
@@ -2777,33 +2898,31 @@ spec:
- protocol
x-kubernetes-list-type: map
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -2816,11 +2935,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -2830,8 +2950,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -2842,10 +2962,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -2855,6 +2974,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP server.
type: string
@@ -2862,35 +2982,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -2905,38 +3025,33 @@ spec:
- type: integer
- type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
@@ -2947,14 +3062,14 @@ spec:
resize policy for the container.
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
type: string
- description: Restart policy to apply when specified
- resource is resized. If not specified, it
- defaults to NotRequired.
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
type: string
- resourceName
@@ -2963,25 +3078,35 @@ spec:
type: array
x-kubernetes-list-type: atomic
- description: "Compute Resources required by this container.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable. It
- can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable. It can only be set for containers.
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
- description: Name must match the name of
- one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes
- that resource available inside a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
type: string
- name
@@ -2997,8 +3122,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
@@ -3007,37 +3133,58 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Requests describes the minimum amount
- of compute resources required. If Requests is
- omitted for a container, it defaults to Limits
- if that is explicitly specified, otherwise to
- an implementation-defined value. Requests cannot
- exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges than
- its parent process. This bool directly controls
- if the no_new_privs flag will be set on the
- container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name is
- windows."
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
description: Added capabilities
@@ -3046,6 +3193,7 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
description: Removed capabilities
@@ -3053,71 +3201,63 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set when
- spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name is
- windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note that
- this field cannot be set when spec.os.name is
- windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
description: Level is SELinux level label
@@ -3137,114 +3277,93 @@ spec:
type: string
type: object
- description: The seccomp options to use by this
- container. If seccomp options are provided at
- both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name is
- windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
- type
type: object
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
description: GMSACredentialSpecName is the
name of the GMSA credential spec to use.
type: string
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no other
- probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted,
- just as if the livenessProbe failed. This can be
- used to provide different probe parameters at the
- beginning of a Pod's lifecycle, when it might take
- a long time to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line to
- execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside a
- shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell, you
- need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -3257,11 +3376,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the service
- to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -3271,8 +3391,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -3283,10 +3403,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon output,
- so case-variant names will be understood
- as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -3296,6 +3415,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP server.
type: string
@@ -3303,35 +3423,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum value
- is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -3346,86 +3466,75 @@ spec:
- type: integer
- type: string
- description: Number or name of the port to
- access on the container. Number must be
- in the range 1 to 65535. Name must be an
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration in
- seconds after the processes running in the pod
- are sent a termination signal and the time when
- the processes are forcibly halted with a kill
- signal. Set this value longer than the expected
- cleanup time for your process. If this value
- is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value must
- be non-negative integer. The value zero indicates
- stop immediately via the kill signal (no opportunity
- to shut down). This is a beta field and requires
- enabling ProbeTerminationGracePeriod feature
- gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which the
- probe times out. Defaults to 1 second. Minimum
- value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach sessions.
- If stdinOnce is set to true, stdin is opened on
- container start, is empty until the first client
- attaches to stdin, and then remains open and accepts
- data until the client disconnects, at which time
- stdin is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never receive
- an EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final status,
- such as an assertion failure message. Will be truncated
- by the node if greater than 4096 bytes. The total
- message length across all containers will be limited
- to 12kb. Defaults to /dev/termination-log. Cannot
- be updated."
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output is
- limited to 2048 bytes or 80 lines, whichever is
- smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be true.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
Default is false.
type: boolean
@@ -3450,44 +3559,65 @@ spec:
type: object
type: array
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
description: VolumeMount describes a mounting of
a Volume within a container.
- description: Path within the container at which
- the volume should be mounted. Must not contain
- ':'.
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
type: string
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set, MountPropagationNone
- is used. This field is beta in 1.10.
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
type: string
description: This must match the Name of a Volume.
type: string
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
- description: Path within the volume from which
- the container's volume should be mounted.
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
- description: Expanded path within the volume
- from which the container's volume should be
- mounted. Behaves similarly to SubPath but
- environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
- mountPath
@@ -3496,47 +3626,47 @@ spec:
type: array
type: object
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed. There
- must be at least one container in a Pod. Cannot be updated.
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
description: A single application container that you
want to run within a pod.
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: List of environment variables to set
- in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
description: EnvVar represents an environment
variable present in a Container.
@@ -3546,18 +3676,16 @@ spec:
type: string
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's
@@ -3570,10 +3698,13 @@ spec:
description: The key to select.
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the ConfigMap
@@ -3584,11 +3715,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema
@@ -3604,12 +3733,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required
@@ -3642,10 +3768,13 @@ spec:
secret key.
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the Secret
@@ -3660,16 +3789,17 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -3678,10 +3808,13 @@ spec:
description: The ConfigMap to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap
@@ -3698,10 +3831,13 @@ spec:
description: The Secret to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret
@@ -3711,61 +3847,58 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http
request to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -3777,11 +3910,9 @@ spec:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field
@@ -3792,6 +3923,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -3800,25 +3932,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to
@@ -3828,60 +3972,51 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
type: object
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http
request to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -3893,11 +4028,9 @@ spec:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field
@@ -3908,6 +4041,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -3916,25 +4050,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to
@@ -3944,10 +4090,10 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
@@ -3955,33 +4101,31 @@ spec:
type: object
type: object
- description: "Periodic probe of container liveness.
+ description: |-
+ Periodic probe of container liveness.
Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -3994,11 +4138,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -4008,8 +4153,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -4020,10 +4165,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -4033,6 +4177,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -4041,35 +4186,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -4084,63 +4229,59 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
description: ContainerPort represents a network
port in a single container.
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
@@ -4148,24 +4289,24 @@ spec:
port to.
type: string
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- containerPort
@@ -4176,34 +4317,31 @@ spec:
- protocol
x-kubernetes-list-type: map
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -4216,11 +4354,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -4230,8 +4369,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -4242,10 +4381,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -4255,6 +4393,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -4263,35 +4402,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -4306,38 +4445,33 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
@@ -4348,14 +4482,14 @@ spec:
resource resize policy for the container.
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
type: string
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
type: string
- resourceName
@@ -4364,26 +4498,35 @@ spec:
type: array
x-kubernetes-list-type: atomic
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable. It can only be set for containers.
description: ResourceClaim references one
entry in PodSpec.ResourceClaims.
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
type: string
- name
@@ -4399,8 +4542,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
@@ -4409,37 +4553,76 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
description: Added capabilities
@@ -4448,6 +4631,7 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
description: Removed capabilities
@@ -4455,71 +4639,63 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
description: Level is SELinux level label
@@ -4539,117 +4715,93 @@ spec:
type: string
type: object
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
- type
type: object
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
description: GMSACredentialSpecName is the
name of the GMSA credential spec to use.
type: string
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -4662,11 +4814,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -4676,8 +4829,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -4688,10 +4841,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -4701,6 +4853,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -4709,35 +4862,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -4752,87 +4905,76 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
type: boolean
description: volumeDevices is the list of block
@@ -4855,81 +4997,111 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
description: VolumeMount describes a mounting
of a Volume within a container.
- description: Path within the container at
- which the volume should be mounted. Must
+ description: |-
+ Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
type: string
description: This must match the Name of a
type: string
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
- description: Path within the volume from which
- the container's volume should be mounted.
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
- mountPath
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
- name
type: object
type: array
- description: Specifies the DNS parameters of a pod. Parameters
- specified here will be merged to the generated DNS configuration
- based on DNSPolicy.
+ description: |-
+ Specifies the DNS parameters of a pod.
+ Parameters specified here will be merged to the generated DNS
+ configuration based on DNSPolicy.
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers generated
- from DNSPolicy. Duplicated nameservers will be removed.
+ description: |-
+ A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated from DNSPolicy.
+ Duplicated nameservers will be removed.
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: A list of DNS resolver options. This
- will be merged with the base options generated from
- DNSPolicy. Duplicated entries will be removed. Resolution
- options given in Options will override those that
- appear in the base DNSPolicy.
+ description: |-
+ A list of DNS resolver options.
+ This will be merged with the base options generated from DNSPolicy.
+ Duplicated entries will be removed. Resolution options given in Options
+ will override those that appear in the base DNSPolicy.
description: PodDNSConfigOption defines DNS resolver
options of a pod.
@@ -4941,156 +5113,160 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: A list of DNS search domains for host-name
- lookup. This will be appended to the base search
- paths generated from DNSPolicy. Duplicated search
- paths will be removed.
+ description: |-
+ A list of DNS search domains for host-name lookup.
+ This will be appended to the base search paths generated from DNSPolicy.
+ Duplicated search paths will be removed.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Set DNS policy for the pod. Defaults to "ClusterFirst".
- Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
- 'Default' or 'None'. DNS parameters given in DNSConfig
- will be merged with the policy selected with DNSPolicy.
- To have DNS options set along with hostNetwork, you
- have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+ description: |-
+ Set DNS policy for the pod.
+ Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you have to specify DNS policy
+ explicitly to 'ClusterFirstWithHostNet'.
type: string
- description: "EnableServiceLinks indicates whether information
- about services should be injected into pod's environment
- variables, matching the syntax of Docker links. Optional:
- Defaults to true."
+ description: |-
+ EnableServiceLinks indicates whether information about services should be injected into pod's
+ environment variables, matching the syntax of Docker links.
+ Optional: Defaults to true.
type: boolean
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts file
- if specified. This is only valid for non-hostNetwork
- pods.
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified. This is only valid for non-hostNetwork pods.
- description: HostAlias holds the mapping between IP
- and hostnames that will be injected as an entry in
- the pod's hosts file.
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
description: Hostnames for the above IP address.
type: string
type: array
+ x-kubernetes-list-type: atomic
description: IP address of the host file entry.
type: string
+ required:
+ - ip
type: object
type: array
- description: "Use the host's ipc namespace. Optional:
- Default to false."
+ description: |-
+ Use the host's ipc namespace.
+ Optional: Default to false.
type: boolean
- description: Host networking requested for this pod. Use
- the host's network namespace. If this option is set,
- the ports that will be used must be specified. Default
- to false.
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
type: boolean
- description: "Use the host's pid namespace. Optional:
- Default to false."
+ description: |-
+ Use the host's pid namespace.
+ Optional: Default to false.
type: boolean
- description: "Use the host's user namespace. Optional:
- Default to true. If set to true or not present, the
- pod will be run in the host user namespace, useful for
- when the pod needs a feature only available to the host
- user namespace, such as loading a kernel module with
- CAP_SYS_MODULE. When set to false, a new userns is created
- for the pod. Setting false is useful for mitigating
- container breakout vulnerabilities even allowing users
- to run their containers as root without actually having
- root privileges on the host. This field is alpha-level
- and is only honored by servers that enable the UserNamespacesSupport
- feature."
+ description: |-
+ Use the host's user namespace.
+ Optional: Default to true.
+ If set to true or not present, the pod will be run in the host user namespace, useful
+ for when the pod needs a feature only available to the host user namespace, such as
+ loading a kernel module with CAP_SYS_MODULE.
+ When set to false, a new userns is created for the pod. Setting false is useful for
+ mitigating container breakout vulnerabilities even allowing users to run their
+ containers as root without actually having root privileges on the host.
+ This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
type: boolean
- description: Specifies the hostname of the Pod If not
- specified, the pod's hostname will be set to a system-defined
- value.
+ description: |-
+ Specifies the hostname of the Pod
+ If not specified, the pod's hostname will be set to a system-defined value.
type: string
- description: "ImagePullSecrets is an optional list of
- references to secrets in the same namespace to use for
- pulling any of the images used by this PodSpec. If specified,
- these secrets will be passed to individual puller implementations
- for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
- description: LocalObjectReference contains enough information
- to let you locate the referenced object inside the
- same namespace.
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
- description:
- "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind,
- uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
type: array
- description: "List of initialization containers belonging
- to the pod. Init containers are executed in order prior
- to containers being started. If any init container fails,
- the pod is considered to have failed and is handled
- according to its restartPolicy. The name for an init
- container or normal container must be unique among all
- containers. Init containers may not have Lifecycle actions,
- Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken
- into account during scheduling by finding the highest
- request/limit for each resource type, and then using
- the max of of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar fashion.
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
Init containers cannot currently be added or removed.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
description: A single application container that you
want to run within a pod.
- description: 'Arguments to the entrypoint. The container
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using
- the container''s environment. If a variable cannot
- be resolved, the reference in the input string
- will be unchanged. Double $$ are reduced to a
- single $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the string
- literal "$(VAR_NAME)". Escaped references will
- never be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: 'Entrypoint array. Not executed within
- a shell. The container image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be unchanged.
- Double $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot
- be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
type: string
type: array
+ x-kubernetes-list-type: atomic
- description: List of environment variables to set
- in the container. Cannot be updated.
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
description: EnvVar represents an environment
variable present in a Container.
@@ -5100,18 +5276,16 @@ spec:
type: string
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container and
- any service environment variables. If a
- variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
type: string
description: Source for the environment variable's
@@ -5124,10 +5298,13 @@ spec:
description: The key to select.
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the ConfigMap
@@ -5138,11 +5315,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a field of the pod:
- supports metadata.name, metadata.namespace,
- `metadata.labels['']`, `metadata.annotations['']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs."
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
description: Version of the schema
@@ -5158,12 +5333,9 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
description: "Container name: required
@@ -5196,10 +5368,13 @@ spec:
secret key.
type: string
- description: "Name of the referent.
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
type: string
description: Specify whether the Secret
@@ -5214,16 +5389,17 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
- description: List of sources to populate environment
- variables in the container. The keys defined within
- a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container
- is starting. When a key exists in multiple sources,
- the value associated with the last source will
- take precedence. Values defined by an Env with
- a duplicate key will take precedence. Cannot be
- updated.
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
description: EnvFromSource represents the source
of a set of ConfigMaps
@@ -5232,10 +5408,13 @@ spec:
description: The ConfigMap to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the ConfigMap
@@ -5252,10 +5431,13 @@ spec:
description: The Secret to select from
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: Specify whether the Secret
@@ -5265,61 +5447,58 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
- description:
- "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config
- management to default or override container images
- in workload controllers like Deployments and StatefulSets."
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
type: string
- description: "Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if :latest
- tag is specified, or IfNotPresent otherwise. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
type: string
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
- description: "PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and restarted
- according to its restart policy. Other management
- of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http
request to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -5331,11 +5510,9 @@ spec:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field
@@ -5346,6 +5523,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -5354,25 +5532,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to
@@ -5382,60 +5572,51 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
type: object
- description: "PreStop is called immediately
- before a container is terminated due to an
- API request or management event such as liveness/startup
- probe failure, preemption, resource contention,
- etc. The handler is not called if the container
- crashes or exits. The Pod's termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other
- management of the container blocks until the
- hook completes or until the termination grace
- period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
description: Exec specifies the action to
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
description: HTTPGet specifies the http
request to perform.
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
type: string
description: Custom headers to set in
@@ -5447,11 +5628,9 @@ spec:
- description: The header field
- name. This will be canonicalized
- upon output, so case-variant
- names will be understood as
- the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field
@@ -5462,6 +5641,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -5470,25 +5650,37 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of
+ seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
- description: Deprecated. TCPSocket is NOT
- supported as a LifecycleHandler and kept
- for the backward compatibility. There
- are no validation of this field and lifecycle
- hooks will fail in runtime when tcp handler
- is specified.
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
description: "Optional: Host name to
@@ -5498,10 +5690,10 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
@@ -5509,33 +5701,31 @@ spec:
type: object
type: object
- description: "Periodic probe of container liveness.
+ description: |-
+ Periodic probe of container liveness.
Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -5548,11 +5738,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -5562,8 +5753,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -5574,10 +5765,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -5587,6 +5777,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -5595,35 +5786,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -5638,63 +5829,59 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: Name of the container specified as
- a DNS_LABEL. Each container in a pod must have
- a unique name (DNS_LABEL). Cannot be updated.
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
type: string
- description: List of ports to expose from the container.
- Not specifying a port here DOES NOT prevent that
- port from being exposed. Any port which is listening
- on the default "" address inside a container
- will be accessible from the network. Modifying
- this array with strategic merge patch may corrupt
- the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
Cannot be updated.
description: ContainerPort represents a network
port in a single container.
- description: Number of port to expose on the
- pod's IP address. This must be a valid port
- number, 0 < x < 65536.
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
@@ -5702,24 +5889,24 @@ spec:
port to.
type: string
- description: Number of port to expose on the
- host. If specified, this must be a valid
- port number, 0 < x < 65536. If HostNetwork
- is specified, this must match ContainerPort.
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this.
format: int32
type: integer
- description: If specified, this must be an
- IANA_SVC_NAME and unique within the pod.
- Each named port in a pod must have a unique
- name. Name for the port that can be referred
- to by services.
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
type: string
default: TCP
- description: Protocol for port. Must be UDP,
- TCP, or SCTP. Defaults to "TCP".
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
type: string
- containerPort
@@ -5730,34 +5917,31 @@ spec:
- protocol
x-kubernetes-list-type: map
- description: "Periodic probe of container service
- readiness. Container will be removed from service
- endpoints if the probe fails. Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -5770,11 +5954,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -5784,8 +5969,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -5796,10 +5981,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -5809,6 +5993,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -5817,35 +6002,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -5860,38 +6045,33 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
@@ -5902,14 +6082,14 @@ spec:
resource resize policy for the container.
- description: "Name of the resource to which
- this resource resize policy applies. Supported
- values: cpu, memory."
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
type: string
- description: Restart policy to apply when
- specified resource is resized. If not specified,
- it defaults to NotRequired.
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
type: string
- resourceName
@@ -5918,26 +6098,35 @@ spec:
type: array
x-kubernetes-list-type: atomic
- description: "Compute Resources required by this
- container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- description: "Claims lists the names of resources,
- defined in spec.resourceClaims, that are used
- by this container. \n This is an alpha field
- and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable.
- It can only be set for containers."
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable. It can only be set for containers.
description: ResourceClaim references one
entry in PodSpec.ResourceClaims.
- description: Name must match the name
- of one entry in pod.spec.resourceClaims
- of the Pod where this field is used.
- It makes that resource available inside
- a container.
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
type: string
- name
@@ -5953,8 +6142,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Limits describes the maximum amount
- of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
@@ -5963,37 +6153,76 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Requests describes the minimum
- amount of compute resources required. If Requests
- is omitted for a container, it defaults to
- Limits if that is explicitly specified, otherwise
- to an implementation-defined value. Requests
- cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
- description: "SecurityContext defines the security
- options the container should be run with. If set,
- the fields of SecurityContext override the equivalent
- fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- description: "AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will be
- set on the container process. AllowPrivilegeEscalation
- is true always when the container is: 1) run
- as Privileged 2) has CAP_SYS_ADMIN Note that
- this field cannot be set when spec.os.name
- is windows."
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
- description: The capabilities to add/drop when
- running containers. Defaults to the default
- set of capabilities granted by the container
- runtime. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
description: Added capabilities
@@ -6002,6 +6231,7 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
description: Removed capabilities
@@ -6009,71 +6239,63 @@ spec:
capabilities type
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Run container in privileged mode.
- Processes in privileged containers are essentially
- equivalent to root on the host. Defaults to
- false. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: procMount denotes the type of proc
- mount to use for the containers. The default
- is DefaultProcMount which uses the container
- runtime defaults for readonly paths and masked
- paths. This requires the ProcMountType feature
- flag to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
- description: Whether this container has a read-only
- root filesystem. Default is false. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
type: boolean
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also
- be set in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext, the
- value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: The SELinux context to be applied
- to the container. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is windows.
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
description: Level is SELinux level label
@@ -6093,117 +6315,93 @@ spec:
type: string
type: object
- description: The seccomp options to use by this
- container. If seccomp options are provided
- at both the pod & container level, the container
- options override the pod options. Note that
- this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
- description: localhostProfile indicates
- a profile defined in a file on the node
- should be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be
- set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
- description: "type indicates which kind
- of seccomp profile will be applied. Valid
- options are: \n Localhost - a profile
- defined in a file on the node should be
- used. RuntimeDefault - the container runtime
- default profile should be used. Unconfined
- - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
- type
type: object
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be
- set when spec.os.name is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
description: GMSACredentialSpecName is the
name of the GMSA credential spec to use.
type: string
- description: HostProcess determines if a
- container should be run as a 'Host Process'
- container. This field is alpha-level and
- will only be honored by components that
- enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a Pod's
- containers must have the same effective
- HostProcess value (it is not allowed to
- have a mix of HostProcess containers and
- non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork
- must also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
- description: The UserName in Windows to
- run the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both
- SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
- description: "StartupProbe indicates that the Pod
- has successfully initialized. If specified, no
- other probes are executed until this completes
- successfully. If this probe fails, the Pod will
- be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters
- at the beginning of a Pod's lifecycle, when it
- might take a long time to load data or warm a
- cache, than during steady-state operation. This
- cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
description: Exec specifies the action to take.
- description: Command is the command line
- to execute inside the container, the working
- directory for the command is root ('/')
- in the container's filesystem. The command
- is simply exec'd, it is not run inside
- a shell, so traditional shell instructions
- ('|', etc) won't work. To use a shell,
- you need to explicitly call out to that
- shell. Exit status of 0 is treated as
- live/healthy and non-zero is unhealthy.
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: Minimum consecutive failures for
- the probe to be considered failed after having
- succeeded. Defaults to 3. Minimum value is
- 1.
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
format: int32
type: integer
@@ -6216,11 +6414,12 @@ spec:
format: int32
type: integer
- description: "Service is the name of the
- service to place in the gRPC HealthCheckRequest
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
+ If this is not specified, the default behavior is defined by gRPC.
type: string
- port
@@ -6230,8 +6429,8 @@ spec:
to perform.
- description: Host name to connect to, defaults
- to the pod IP. You probably want to set
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
type: string
@@ -6242,10 +6441,9 @@ spec:
header to be used in HTTP probes
- description: The header field name.
- This will be canonicalized upon
- output, so case-variant names will
- be understood as the same header.
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
type: string
description: The header field value
@@ -6255,6 +6453,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
description: Path to access on the HTTP
@@ -6263,35 +6462,35 @@ spec:
- type: integer
- type: string
- description: Name or number of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
type: string
- port
type: object
- description: "Number of seconds after the container
- has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
- description: Minimum consecutive successes for
- the probe to be considered successful after
- having failed. Defaults to 1. Must be 1 for
- liveness and startup. Minimum value is 1.
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
type: integer
@@ -6306,87 +6505,76 @@ spec:
- type: integer
- type: string
- description: Number or name of the port
- to access on the container. Number must
- be in the range 1 to 65535. Name must
- be an IANA_SVC_NAME.
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
- port
type: object
- description: Optional duration in seconds the
- pod needs to terminate gracefully upon probe
- failure. The grace period is the duration
- in seconds after the processes running in
- the pod are sent a termination signal and
- the time when the processes are forcibly halted
- with a kill signal. Set this value longer
- than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value zero
- indicates stop immediately via the kill signal
- (no opportunity to shut down). This is a beta
- field and requires enabling ProbeTerminationGracePeriod
- feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
format: int64
type: integer
- description: "Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
type: object
- description: Whether this container should allocate
- a buffer for stdin in the container runtime. If
- this is not set, reads from stdin in the container
- will always result in EOF. Default is false.
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
type: boolean
- description: Whether the container runtime should
- close the stdin channel after it has been opened
- by a single attach. When stdin is true the stdin
- stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is
- opened on container start, is empty until the
- first client attaches to stdin, and then remains
- open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed
- until the container is restarted. If this flag
- is false, a container processes that reads from
- stdin will never receive an EOF. Default is false
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
type: boolean
- description: "Optional: Path at which the file to
- which the container's termination message will
- be written is mounted into the container's filesystem.
- Message written is intended to be brief final
- status, such as an assertion failure message.
- Will be truncated by the node if greater than
- 4096 bytes. The total message length across all
- containers will be limited to 12kb. Defaults to
- /dev/termination-log. Cannot be updated."
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
type: string
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the container
- status message on both success and failure. FallbackToLogsOnError
- will use the last chunk of container log output
- if the termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
type: string
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to be
- true. Default is false.
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
type: boolean
description: volumeDevices is the list of block
@@ -6409,105 +6597,142 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
description: VolumeMount describes a mounting
of a Volume within a container.
- description: Path within the container at
- which the volume should be mounted. Must
+ description: |-
+ Path within the container at which the volume should be mounted. Must
not contain ':'.
type: string
- description: mountPropagation determines how
- mounts are propagated from the host to container
- and the other way around. When not set,
- MountPropagationNone is used. This field
- is beta in 1.10.
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
type: string
description: This must match the Name of a
type: string
- description: Mounted read-only if true, read-write
- otherwise (false or unspecified). Defaults
- to false.
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
- description: Path within the volume from which
- the container's volume should be mounted.
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root).
type: string
- description: Expanded path within the volume
- from which the container's volume should
- be mounted. Behaves similarly to SubPath
- but environment variable references $(VAR_NAME)
- are expanded using the container's environment.
- Defaults to "" (volume's root). SubPathExpr
- and SubPath are mutually exclusive.
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
type: string
- mountPath
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
- description: Container's working directory. If not
- specified, the container runtime's default will
- be used, which might be configured in the container
- image. Cannot be updated.
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
type: string
- name
type: object
type: array
- description: NodeName is a request to schedule this pod
- onto a specific node. If it is non-empty, the scheduler
- simply schedules this pod onto that node, assuming that
- it fits resource requirements.
+ description: |-
+ NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+ the scheduler simply schedules this pod onto that node, assuming that it fits resource
+ requirements.
type: string
type: string
- description: "NodeSelector is a selector which must be
- true for the pod to fit on a node. Selector which must
- match a node's labels for the pod to be scheduled on
- that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
type: object
x-kubernetes-map-type: atomic
- description: "Specifies the OS of the containers in the
- pod. Some pod and container fields are restricted if
- this is set. \n If the OS field is set to linux, the
- following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following fields
- must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
- - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
- - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
- - spec.securityContext.sysctls - spec.shareProcessNamespace
- - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
- - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
+ description: |-
+ Specifies the OS of the containers in the pod.
+ Some pod and container fields are restricted if this is set.
+ If the OS field is set to linux, the following fields must be unset:
+ -securityContext.windowsOptions
+ If the OS field is set to windows, following fields must be unset:
+ - spec.hostPID
+ - spec.hostIPC
+ - spec.hostUsers
+ - spec.securityContext.seLinuxOptions
+ - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup
+ - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls
+ - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser
+ - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups
+ - spec.containers[*].securityContext.seLinuxOptions
- spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities -
- spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
- - spec.containers[*].securityContext.runAsGroup"
+ - spec.containers[*].securityContext.capabilities
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged
+ - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount
+ - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup
- description: "Name is the name of the operating system.
- The currently supported values are linux and windows.
- Additional value may be defined in future and can
- be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field as os:
- null"
+ description: |-
+ Name is the name of the operating system. The currently supported values are linux and windows.
+ Additional value may be defined in future and can be one of:
+ https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values and treat unrecognized values in this field as os: null
type: string
- name
@@ -6519,48 +6744,45 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
- description: "Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time by
- the RuntimeClass admission controller. If the RuntimeClass
- admission controller is enabled, overhead must not be
- set in Pod create requests. The RuntimeClass admission
- controller will reject Pod create requests which have
- the overhead already set. If RuntimeClass is configured
- and selected in the PodSpec, Overhead will be set to
- the value defined in the corresponding RuntimeClass,
- otherwise it will remain unset and treated as zero.
- More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
+ description: |-
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
type: object
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
+ description: |-
+ PreemptionPolicy is the Policy for preempting pods with lower priority.
+ One of Never, PreemptLowerPriority.
Defaults to PreemptLowerPriority if unset.
type: string
- description: The priority value. Various system components
- use this field to find the priority of the pod. When
- Priority Admission Controller is enabled, it prevents
- users from setting this field. The admission controller
- populates this field from PriorityClassName. The higher
- the value, the higher the priority.
+ description: |-
+ The priority value. Various system components use this field to find the
+ priority of the pod. When Priority Admission Controller is enabled, it
+ prevents users from setting this field. The admission controller populates
+ this field from PriorityClassName.
+ The higher the value, the higher the priority.
format: int32
type: integer
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod priority
- will be default or zero if there is no default.
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
type: string
- description: 'If specified, all readiness gates will be
- evaluated for pod readiness. A pod is ready when all
- its containers are ready AND all conditions specified
- in the readiness gates have status equal to "True" More
- info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
+ description: |-
+ If specified, all readiness gates will be evaluated for pod readiness.
+ A pod is ready when all its containers are ready AND
+ all conditions specified in the readiness gates have status equal to "True"
+ More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
description: PodReadinessGate contains the reference
to a pod condition
@@ -6577,55 +6799,56 @@ spec:
format: int32
type: integer
- description: "ResourceClaims defines which ResourceClaims
- must be allocated and reserved before the Pod is allowed
- to start. The resources will be made available to those
- containers which consume them by name. \n This is an
- alpha field and requires enabling the DynamicResourceAllocation
- feature gate. \n This field is immutable."
+ description: |-
+ ResourceClaims defines which ResourceClaims must be allocated
+ and reserved before the Pod is allowed to start. The resources
+ will be made available to those containers which consume them
+ by name.
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+ This field is immutable.
- description: PodResourceClaim references exactly one
- ResourceClaim through a ClaimSource. It adds a name
- to it that uniquely identifies the ResourceClaim inside
- the Pod. Containers that need access to the ResourceClaim
- reference it with this name.
+ description: |-
+ PodResourceClaim references exactly one ResourceClaim, either directly
+ or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim
+ for the pod.
+ It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+ Containers that need access to the ResourceClaim reference it with this name.
- description: Name uniquely identifies this resource
- claim inside the pod. This must be a DNS_LABEL.
+ description: |-
+ Name uniquely identifies this resource claim inside the pod.
+ This must be a DNS_LABEL.
type: string
- source:
- description: Source describes where to find the
+ resourceClaimName:
+ description: |-
+ ResourceClaimName is the name of a ResourceClaim object in the same
+ namespace as this pod.
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
+ resourceClaimTemplateName:
+ description: |-
+ ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+ object in the same namespace as this pod.
+ The template will be used to create a new ResourceClaim, which will
+ be bound to this pod. When this pod is deleted, the ResourceClaim
+ will also be deleted. The pod name and resource name, along with a
+ generated component, will be used to form a unique name for the
+ ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+ This field is immutable and no changes will be made to the
+ corresponding ResourceClaim by the control plane after creating the
- properties:
- resourceClaimName:
- description: ResourceClaimName is the name of
- a ResourceClaim object in the same namespace
- as this pod.
- type: string
- resourceClaimTemplateName:
- description: "ResourceClaimTemplateName is the
- name of a ResourceClaimTemplate object in
- the same namespace as this pod. \n The template
- will be used to create a new ResourceClaim,
- which will be bound to this pod. When this
- pod is deleted, the ResourceClaim will also
- be deleted. The name of the ResourceClaim
- will be -, where
- is the PodResourceClaim.Name.
- Pod validation will reject the pod if the
- concatenated name is not valid for a ResourceClaim
- (e.g. too long). \n An existing ResourceClaim
- with that name that is not owned by the pod
- will not be used for the pod to avoid using
- an unrelated resource by mistake. Scheduling
- and pod startup are then blocked until the
- unrelated ResourceClaim is removed. \n This
- field is immutable and no changes will be
- made to the corresponding ResourceClaim by
- the control plane after creating the ResourceClaim."
- type: string
- type: object
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
- name
type: object
@@ -6634,41 +6857,42 @@ spec:
- name
x-kubernetes-list-type: map
- description: "Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. In some contexts,
- only a subset of those values may be permitted. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy"
+ description: |-
+ Restart policy for all containers within the pod.
+ One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+ Default to Always.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
type: string
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be used
- to run this pod. If no RuntimeClass resource matches
- the named class, the pod will not be run. If unset or
- empty, the "legacy" RuntimeClass will be used, which
- is an implicit class with an empty definition that uses
- the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
type: string
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod will
- be dispatched by default scheduler.
+ description: |-
+ If specified, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
type: string
- description: "SchedulingGates is an opaque list of values
- that if specified will block scheduling the pod. If
- schedulingGates is not empty, the pod will stay in the
- SchedulingGated state and the scheduler will not attempt
- to schedule the pod. \n SchedulingGates can only be
- set at pod creation time, and be removed only afterwards.
- \n This is a beta feature enabled by the PodSchedulingReadiness
- feature gate."
+ description: |-
+ SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+ If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+ scheduler will not attempt to schedule the pod.
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+ This is a beta feature enabled by the PodSchedulingReadiness feature gate.
description: PodSchedulingGate is associated to a Pod
to guard its scheduling.
- description: Name of the scheduling gate. Each scheduling
- gate must have a unique name field.
+ description: |-
+ Name of the scheduling gate.
+ Each scheduling gate must have a unique name field.
type: string
- name
@@ -6678,75 +6902,94 @@ spec:
- name
x-kubernetes-list-type: map
- description: "SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field."
+ description: |-
+ SecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
- description: "A special supplemental group that applies
- to all containers in a pod. Some volume types allow
- the Kubelet to change the ownership of that volume
- to be owned by the pod: \n 1. The owning GID will
- be the FSGroup 2. The setgid bit is set (new files
- created in the volume will be owned by FSGroup)
- 3. The permission bits are OR'd with rw-rw---- \n
- If unset, the Kubelet will not modify the ownership
- and permissions of any volume. Note that this field
- cannot be set when spec.os.name is windows."
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the volume
- before being exposed inside Pod. This field will
- only apply to volume types which support fsGroup
- based ownership(and permissions). It will have no
- effect on ephemeral volume types such as: secret,
- configmaps and emptydir. Valid values are "OnRootMismatch"
- and "Always". If not specified, "Always" is used.
- Note that this field cannot be set when spec.os.name
- is windows.'
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
type: string
- description: The GID to run the entrypoint of the
- container process. Uses runtime default if unset.
- May also be set in SecurityContext. If set in both
- SecurityContext and PodSecurityContext, the value
- specified in SecurityContext takes precedence for
- that container. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: Indicates that the container must run
- as a non-root user. If true, the Kubelet will validate
- the image at runtime to ensure that it does not
- run as UID 0 (root) and fail to start the container
- if it does. If unset or false, no such validation
- will be performed. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
- description: The UID to run the entrypoint of the
- container process. Defaults to user specified in
- image metadata if unspecified. May also be set in
- SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified in SecurityContext
- takes precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
- description: The SELinux context to be applied to
- all containers. If unspecified, the container runtime
- will allocate a random SELinux context for each
- container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence
- for that container. Note that this field cannot
- be set when spec.os.name is windows.
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
description: Level is SELinux level label that
@@ -6766,51 +7009,58 @@ spec:
type: string
type: object
- description: The seccomp options to use by the containers
- in this pod. Note that this field cannot be set
- when spec.os.name is windows.
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
- description: localhostProfile indicates a profile
- defined in a file on the node should be used.
- The profile must be preconfigured on the node
- to work. Must be a descending path, relative
- to the kubelet's configured seccomp profile
- location. Must only be set if type is "Localhost".
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
type: string
- description: "type indicates which kind of seccomp
- profile will be applied. Valid options are:
- \n Localhost - a profile defined in a file on
- the node should be used. RuntimeDefault - the
- container runtime default profile should be
- used. Unconfined - no profile should be applied."
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
type: string
- type
type: object
- description: A list of groups applied to the first
- process run in each container, in addition to the
- container's primary GID, the fsGroup (if specified),
- and group memberships defined in the container image
- for the uid of the container process. If unspecified,
- no additional groups are added to any container.
- Note that group memberships defined in the container
- image for the uid of the container process are still
- effective, even if they are not included in this
- list. Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ A list of groups applied to the first process run in each container, in
+ addition to the container's primary GID and fsGroup (if specified). If
+ the SupplementalGroupsPolicy feature is enabled, the
+ supplementalGroupsPolicy field determines whether these are in addition
+ to or instead of any group memberships defined in the container image.
+ If unspecified, no additional groups are added, though group memberships
+ defined in the container image may still be used, depending on the
+ supplementalGroupsPolicy field.
+ Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
type: array
+ x-kubernetes-list-type: atomic
+ supplementalGroupsPolicy:
+ description: |-
+ Defines how supplemental groups of the first container processes are calculated.
+ Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+ (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+ and the container runtime must implement support for this feature.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
- description: Sysctls hold a list of namespaced sysctls
- used for the pod. Pods with unsupported sysctls
- (by the container runtime) might fail to launch.
- Note that this field cannot be set when spec.os.name
- is windows.
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
description: Sysctl defines a kernel parameter to
be set
@@ -6826,333 +7076,290 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: The Windows specific settings applied
- to all containers. If unspecified, the options within
- a container's SecurityContext will be used. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name
- is linux.
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
- description: GMSACredentialSpec is where the GMSA
- admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName field.
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
type: string
description: GMSACredentialSpecName is the name
of the GMSA credential spec to use.
type: string
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without the
- feature flag will result in errors when validating
- the Pod. All of a Pod's containers must have
- the same effective HostProcess value (it is
- not allowed to have a mix of HostProcess containers
- and non-HostProcess containers). In addition,
- if HostProcess is true then HostNetwork must
- also be set to true.
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
type: boolean
- description: The UserName in Windows to run the
- entrypoint of the container process. Defaults
- to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
- description: "ServiceAccountName is the name of the ServiceAccount
- to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
type: string
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the default).
- In Linux containers, this means setting the FQDN in
- the hostname field of the kernel (the nodename field
- of struct utsname). In Windows containers, this means
- setting the registry value of hostname for the registry
- key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no effect.
+ description: |-
+ If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ If a pod does not have FQDN, this has no effect.
Default to false.
type: boolean
- description: "Share a single process namespace between
- all of the containers in a pod. When this is set containers
- will be able to view and signal processes from other
- containers in the same pod, and the first process in
- each container will not be assigned PID 1. HostPID and
- ShareProcessNamespace cannot both be set. Optional:
- Default to false."
+ description: |-
+ Share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ Optional: Default to false.
type: boolean
- description: If specified, the fully qualified Pod hostname
- will be "...svc.". If not specified, the pod will not have a
- domainname at all.
+ description: |-
+ If specified, the fully qualified Pod hostname will be "...svc.".
+ If not specified, the pod will not have a domainname at all.
type: string
- description: Optional duration in seconds the pod needs
- to terminate gracefully. May be decreased in delete
- request. Value must be non-negative integer. The value
- zero indicates stop immediately via the kill signal
- (no opportunity to shut down). If this value is nil,
- the default grace period will be used instead. The grace
- period is the duration in seconds after the processes
- running in the pod are sent a termination signal and
- the time when the processes are forcibly halted with
- a kill signal. Set this value longer than the expected
- cleanup time for your process. Defaults to 30 seconds.
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ If this value is nil, the default grace period will be used instead.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ Defaults to 30 seconds.
format: int64
type: integer
description: If specified, the pod's tolerations.
- description: The pod this Toleration is attached to
- tolerates any taint that matches the triple
- using the matching operator .
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
- description: Effect indicates the taint effect to
- match. Empty means match all taint effects. When
- specified, allowed values are NoSchedule, PreferNoSchedule
- and NoExecute.
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values and
- all keys.
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and Equal.
- Defaults to Equal. Exists is equivalent to wildcard
- for value, so that a pod can tolerate all taints
- of a particular category.
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
type: string
- description: TolerationSeconds represents the period
- of time the toleration (which must be of effect
- NoExecute, otherwise this field is ignored) tolerates
- the taint. By default, it is not set, which means
- tolerate the taint forever (do not evict). Zero
- and negative values will be treated as 0 (evict
- immediately) by the system.
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the value
- should be empty, otherwise just a regular string.
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
- description: TopologySpreadConstraints describes how a
- group of pods ought to spread across topology domains.
- Scheduler will schedule pods in a way which abides by
- the constraints. All topologySpreadConstraints are ANDed.
+ description: |-
+ TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ domains. Scheduler will schedule pods in a way which abides by the constraints.
+ All topologySpreadConstraints are ANDed.
description: TopologySpreadConstraint specifies how
to spread matching pods among the given topology.
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector are
- counted to determine the number of pods in their
- corresponding topology domain.
+ description: |-
+ LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine the number of pods
+ in their corresponding topology domain.
description: matchExpressions is a list of label
selector requirements. The requirements are
- description: A label selector requirement
- is a selector that contains values, a key,
- and an operator that relates the key and
- values.
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
description: key is the label key that
the selector applies to.
type: string
- description: operator represents a key's
- relationship to a set of values. Valid
- operators are In, NotIn, Exists and
- DoesNotExist.
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty.
- If the operator is Exists or DoesNotExist,
- the values array must be empty. This
- array is replaced during a strategic
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
merge patch.
type: string
type: array
+ x-kubernetes-list-type: atomic
- key
- operator
type: object
type: array
+ x-kubernetes-list-type: atomic
type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is
- "In", and the values array contains only "value".
- The requirements are ANDed.
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
- description: "MatchLabelKeys is a set of pod label
- keys to select the pods over which spreading will
- be calculated. The keys are used to lookup values
- from the incoming pod labels, those key-value
- labels are ANDed with labelSelector to select
- the group of existing pods over which spreading
- will be calculated for the incoming pod. The same
- key is forbidden to exist in both MatchLabelKeys
- and LabelSelector. MatchLabelKeys cannot be set
- when LabelSelector isn't set. Keys that don't
- exist in the incoming pod labels will be ignored.
- A null or empty list means only match against
- labelSelector. \n This is a beta field and requires
- the MatchLabelKeysInPodTopologySpread feature
- gate to be enabled (enabled by default)."
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select the pods over which
+ spreading will be calculated. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ MatchLabelKeys cannot be set when LabelSelector isn't set.
+ Keys that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match against labelSelector.
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
type: string
type: array
x-kubernetes-list-type: atomic
- description: "MaxSkew describes the degree to which
- pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
- it is the maximum permitted difference between
- the number of matching pods in the target topology
- and the global minimum. The global minimum is
- the minimum number of matching pods in an eligible
- domain or zero if the number of eligible domains
- is less than MinDomains. For example, in a 3-zone
- cluster, MaxSkew is set to 1, and pods with the
- same labelSelector spread as 2/2/1: In this case,
- the global minimum is 1. | zone1 | zone2 | zone3
- | | P P | P P | P | - if MaxSkew is 1,
- incoming pod can only be scheduled to zone3 to
- become 2/2/2; scheduling it onto zone1(zone2)
- would make the ActualSkew(3-1) on zone1(zone2)
- violate MaxSkew(1). - if MaxSkew is 2, incoming
- pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It's a required field. Default
- value is 1 and 0 is not allowed."
+ description: |-
+ MaxSkew describes the degree to which pods may be unevenly distributed.
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+ between the number of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods in an eligible domain
+ or zero if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 2/2/1:
+ In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P |
+ - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
+ scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
+ to topologies that satisfy it.
+ It's a required field. Default value is 1 and 0 is not allowed.
format: int32
type: integer
- description: "MinDomains indicates a minimum number
- of eligible domains. When the number of eligible
- domains with matching topology keys is less than
- minDomains, Pod Topology Spread treats \"global
- minimum\" as 0, and then the calculation of Skew
- is performed. And when the number of eligible
- domains with matching topology keys equals or
- greater than minDomains, this value has no effect
- on scheduling. As a result, when the number of
- eligible domains is less than minDomains, scheduler
- won't schedule more than maxSkew Pods to those
- domains. If value is nil, the constraint behaves
- as if MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not nil,
- WhenUnsatisfiable must be DoNotSchedule. \n For
- example, in a 3-zone cluster, MaxSkew is set to
- 2, MinDomains is set to 5 and pods with the same
- labelSelector spread as 2/2/2: | zone1 | zone2
- | zone3 | | P P | P P | P P | The number
- of domains is less than 5(MinDomains), so \"global
- minimum\" is treated as 0. In this situation,
- new pod with the same labelSelector cannot be
- scheduled, because computed skew will be 3(3 -
- 0) if new Pod is scheduled to any of the three
- zones, it will violate MaxSkew. \n This is a beta
- field and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
+ description: |-
+ MinDomains indicates a minimum number of eligible domains.
+ When the number of eligible domains with matching topology keys is less than minDomains,
+ Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains is equal to 1.
+ Valid values are integers greater than 0.
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
+ In this situation, new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew.
format: int32
type: integer
- description: "NodeAffinityPolicy indicates how we
- will treat Pod's nodeAffinity/nodeSelector when
- calculating pod topology spread skew. Options
- are: - Honor: only nodes matching nodeAffinity/nodeSelector
- are included in the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the calculations.
- \n If this value is nil, the behavior is equivalent
- to the Honor policy. This is a beta-level feature
- default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
+ description: |-
+ NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+ when calculating pod topology spread skew. Options are:
+ - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+ - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+ If this value is nil, the behavior is equivalent to the Honor policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
- description: "NodeTaintsPolicy indicates how we
- will treat node taints when calculating pod topology
- spread skew. Options are: - Honor: nodes without
- taints, along with tainted nodes for which the
- incoming pod has a toleration, are included. -
- Ignore: node taints are ignored. All nodes are
- included. \n If this value is nil, the behavior
- is equivalent to the Ignore policy. This is a
- beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
+ description: |-
+ NodeTaintsPolicy indicates how we will treat node taints when calculating
+ pod topology spread skew. Options are:
+ - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+ has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+ If this value is nil, the behavior is equivalent to the Ignore policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
type: string
- description: TopologyKey is the key of node labels.
- Nodes that have a label with this key and identical
- values are considered to be in the same topology.
- We consider each as a "bucket", and
- try to put balanced number of pods into each bucket.
- We define a domain as a particular instance of
- a topology. Also, we define an eligible domain
- as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
- If TopologyKey is "kubernetes.io/hostname", each
- Node is a domain of that topology. And, if TopologyKey
- is "topology.kubernetes.io/zone", each zone is
- a domain of that topology. It's a required field.
+ description: |-
+ TopologyKey is the key of node labels. Nodes that have a label with this key
+ and identical values are considered to be in the same topology.
+ We consider each as a "bucket", and try to put balanced number
+ of pods into each bucket.
+ We define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of
+ nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
+ It's a required field.
type: string
- description: 'WhenUnsatisfiable indicates how to
- deal with a pod if it doesn''t satisfy the spread
- constraint. - DoNotSchedule (default) tells the
- scheduler not to schedule it. - ScheduleAnyway
- tells the scheduler to schedule the pod in any
- location, but giving higher precedence to topologies
- that would help reduce the skew. A constraint
- is considered "Unsatisfiable" for an incoming
- pod if and only if every possible node assignment
- for that pod would violate "MaxSkew" on some topology.
- For example, in a 3-zone cluster, MaxSkew is set
- to 1, and pods with the same labelSelector spread
- as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
- satisfies MaxSkew(1). In other words, the cluster
- can still be imbalanced, but scheduler won''t
- make it *more* imbalanced. It''s a required field.'
+ description: |-
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+ the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to schedule it.
+ - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+ but giving higher precedence to topologies that would help reduce the
+ skew.
+ A constraint is considered "Unsatisfiable" for an incoming pod
+ if and only if every possible node assignment for that pod would violate
+ "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 3/1/1:
+ | zone1 | zone2 | zone3 |
+ | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
+ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
+ won't make it *more* imbalanced.
+ It's a required field.
type: string
- maxSkew
@@ -7165,47 +7372,43 @@ spec:
- whenUnsatisfiable
x-kubernetes-list-type: map
- description: "List of volumes that can be mounted by containers
- belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes"
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
description: Volume represents a named volume in a pod
that may be accessed by any container in the pod.
- description: "awsElasticBlockStore represents an
- AWS Disk resource that is attached to a kubelet's
- host machine and then exposed to the pod. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- description: 'fsType is the filesystem type
- of the volume that you want to mount. Tip:
- Ensure that the filesystem type is supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem
- from compromising the machine'
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: string
- description: 'partition is the partition in
- the volume that you want to mount. If omitted,
- the default is to mount by volume name. Examples:
- For volume /dev/sda1, you specify the partition
- as "1". Similarly, the volume partition for
- /dev/sda is "0" (or you can leave the property
- empty).'
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
format: int32
type: integer
- description: "readOnly value true will force
- the readOnly setting in VolumeMounts. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: boolean
- description: "volumeID is unique ID of the persistent
- disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
type: string
- volumeID
@@ -7227,11 +7430,11 @@ spec:
in the blob storage
type: string
- description: fsType is Filesystem type to mount.
- Must be a filesystem type supported by the
- host operating system. Ex. "ext4", "xfs",
- "ntfs". Implicitly inferred to be "ext4" if
- unspecified.
+ default: ext4
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
description: "kind expected values are Shared:
@@ -7241,9 +7444,10 @@ spec:
set). defaults to shared"
type: string
- description: readOnly Defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ default: false
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
- diskName
@@ -7255,9 +7459,9 @@ spec:
- description: readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts.
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
type: boolean
description: secretName is the name of secret
@@ -7276,82 +7480,91 @@ spec:
the host that shares a pod's lifetime
- description: "monitors is Required: Monitors
- is a collection of Ceph monitors More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
type: array
+ x-kubernetes-list-type: atomic
description: "path is Optional: Used as the
mounted root, rather than the full Ceph tree,
default is /"
type: string
- description: "readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: boolean
- description: "secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
- description: "secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
- description: "user is optional: User is the
- rados user name, default is admin More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
type: string
- monitors
type: object
- description: "cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples: "ext4",
- "xfs", "ntfs". Implicitly inferred to be "ext4"
- if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
- description: "readOnly defaults to false (read/write).
- ReadOnly here will force the ReadOnly setting
- in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: boolean
- description: "secretRef is optional: points
- to a secret object containing parameters used
- to connect to OpenStack."
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
- description: "volumeID used to identify the
- volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
type: string
- volumeID
@@ -7361,31 +7574,25 @@ spec:
should populate this volume
- description: "defaultMode is optional: mode
- bits used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
- description: items if unspecified, each key-value
- pair in the Data field of the referenced ConfigMap
- will be projected into the volume as a file
- whose name is the key and content is the value.
- If specified, the listed keys will be projected
- into the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may not
- contain the '..' path or start with '..'.
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
description: Maps a string key to a path within
a volume.
@@ -7394,37 +7601,36 @@ spec:
description: key is the key to project.
type: string
- description: "mode is Optional: mode bits
- used to set permissions on this file.
- Must be an octal value between 0000
- and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. If not specified,
- the volume defaultMode will be used.
- This might be in conflict with other
- options that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set."
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
- description: path is the relative path
- of the file to map the key to. May not
- be an absolute path. May not contain
- the path element '..'. May not start
- with the string '..'.
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
type: string
- key
- path
type: object
type: array
+ x-kubernetes-list-type: atomic
- description: "Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
description: optional specify whether the ConfigMap
@@ -7438,47 +7644,46 @@ spec:
CSI drivers (Beta feature).
- description: driver is the name of the CSI driver
- that handles this volume. Consult with your
- admin for the correct name as registered in
- the cluster.
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
type: string
- description: fsType to mount. Ex. "ext4", "xfs",
- "ntfs". If not provided, the empty value is
- passed to the associated CSI driver which
- will determine the default filesystem to apply.
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
type: string
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver to complete
- the CSI NodePublishVolume and NodeUnpublishVolume
- calls. This field is optional, and may be
- empty if no secret is required. If the secret
- object contains more than one secret, all
- secret references are passed.
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
- description: "Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?"
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
- description: readOnly specifies a read-only
- configuration for the volume. Defaults to
- false (read/write).
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
type: boolean
type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI driver.
- Consult your driver's documentation for supported
- values.
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
type: object
- driver
@@ -7488,18 +7693,15 @@ spec:
about the pod that should populate this volume
- description: "Optional: mode bits to use on
- created files by default. Must be a Optional:
- mode bits used to set permissions on created
- files by default. Must be an octal value between
- 0000 and 0777 or a decimal value between 0
- and 511. YAML accepts both octal and decimal
- values, JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup, and
- the result can be other mode bits set."
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
@@ -7513,7 +7715,7 @@ spec:
description: "Required: Selects a field
of the pod: only annotations, labels,
- name and namespace are supported."
+ name, namespace and uid are supported."
description: Version of the schema
@@ -7529,18 +7731,13 @@ spec:
type: object
x-kubernetes-map-type: atomic
- description: "Optional: mode bits used
- to set permissions on this file, must
- be an octal value between 0000 and 0777
- or a decimal value between 0 and 511.
- YAML accepts both octal and decimal
- values, JSON requires decimal values
- for mode bits. If not specified, the
- volume defaultMode will be used. This
- might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set."
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
format: int32
type: integer
@@ -7552,11 +7749,9 @@ spec:
must not start with '..'"
type: string
- description: "Selects a resource of the
- container: only resources limits and
- requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory) are
- currently supported."
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
description: "Container name: required
@@ -7583,130 +7778,122 @@ spec:
- path
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
- description: "emptyDir represents a temporary directory
- that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- description: 'medium represents what type of
- storage medium should back this directory.
- The default is "" which means to use the node''s
- default medium. Must be an empty string (default)
- or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
type: string
- type: integer
- type: string
- description: "sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on memory
- medium EmptyDir would be the minimum value
- between the SizeLimit specified here and the
- sum of memory limits of all containers in
- a pod. The default is nil which means that
- the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
- description: "ephemeral represents a volume that
- is handled by a cluster storage driver. The volume's
- lifecycle is tied to the pod that defines it -
- it will be created before the pod starts, and
- deleted when the pod is removed. \n Use this if:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+ Use this if:
a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from
- snapshot or capacity tracking are needed, c) the
- storage driver is specified through a storage
- class, and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type and
- PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle of
- an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver is meant
- to be used that way - see the documentation of
- the driver for more information. \n A pod can
- use both types of ephemeral volumes and persistent
- volumes at the same time."
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in which
- this EphemeralVolumeSource is embedded will
- be the owner of the PVC, i.e. the PVC will
- be deleted together with the pod. The name
- of the PVC will be `-`
- where `` is the name from the
- `PodSpec.Volumes` array entry. Pod validation
- will reject the pod if the concatenated name
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `-` where
+ `