From 538d2e516af1262d3a83853464819ffe913771d4 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 28 Dec 2023 16:31:50 -0800 Subject: [PATCH] Add cluster-gateway,cluster-proxy,managed-serviceaccount charts 
Signed-off-by: Tamal Saha --- charts/addon-manager/Chart.yaml | 6 + .../crds/clustergatewayconfigurations.yaml | 182 + .../templates/addon-manager.yaml | 24 + .../clustergatewayconfiguration.yaml | 29 + .../templates/clustermanagementaddon.yaml | 11 + .../templates/clusterrolebindings.yaml | 12 + .../addon-manager/templates/clusterroles.yaml | 128 + .../templates/rolebinder-kubesystem.yaml | 13 + .../addon-manager/templates/rolebinder.yaml | 13 + .../templates/serviceaccount.yaml | 5 + charts/addon-manager/values.yaml | 14 + charts/cluster-gateway/Chart.yaml | 6 + .../cluster-gateway/templates/apiservice.yaml | 17 + .../templates/cluster-gateway-apiserver.yaml | 55 + .../templates/cluster-gateway-service.yaml | 12 + .../templates/clusterrolebindings.yaml | 12 + .../templates/clusterroles.yaml | 45 + .../templates/rolebindings.yaml | 13 + .../templates/secret-namespace.yaml | 4 + .../templates/secret-rolebindings.yaml | 13 + .../templates/secret-roles.yaml | 12 + .../templates/serviceaccount.yaml | 5 + charts/cluster-gateway/values.yaml | 21 + charts/cluster-proxy/Chart.yaml | 6 + .../common/clustermanagementaddon.yaml | 15 + .../common/managedproxyconfiguration.yaml | 29 + ...management.io_clustermanagementaddons.yaml | 560 ++ .../crds/managedproxyconfigurations.yaml | 399 ++ .../crds/managedproxyserviceresolvers.yaml | 180 + .../cluster-proxy/templates/clusterrole.yaml | 125 + .../templates/clusterrolebinding.yaml | 12 + charts/cluster-proxy/templates/k8s/addon.yaml | 9 + .../templates/manager-deployment.yaml | 52 + .../cluster-proxy/templates/ocm-mc/addon.yaml | 45 + .../cluster-proxy/templates/ocm-mc/crds.yaml | 62 + charts/cluster-proxy/templates/role.yaml | 40 + .../cluster-proxy/templates/rolebinding.yaml | 13 + .../templates/serviceaccount.yaml | 5 + charts/cluster-proxy/values.yaml | 27 + charts/fluxcd-addon-manager/Chart.yaml | 2 +- .../addon/clustermanagementaddon.yaml | 0 .../addon/clustersetsbinding.yaml | 0 .../common/addon/fluxcd_config.yaml | 13 + 
.../addon/namespace.yaml | 0 .../addon/placement.yaml | 0 ...n-cluster-management.io_fluxcdconfigs.yaml | 4960 ----------------- .../templates/addon/fluxcd_config.yaml | 48 - .../templates/deployment.yaml | 44 + .../templates/k8s/addon.yaml | 18 + .../{manager => k8s}/cluster_role.yaml | 6 +- .../cluster_role_binding.yaml | 4 + .../{manager => k8s}/serviceaccount.yaml | 4 + .../templates/manager/deployment.yaml | 24 - .../templates/ocm-mc/addon.yaml | 54 + .../templates/ocm-mc/crds.yaml | 62 + charts/fluxcd-addon-manager/values.yaml | 308 +- charts/managed-serviceaccount/Chart.yaml | 6 + .../common/clustermanagementaddon.yaml | 26 + .../common/managedclusteraddon.yaml | 13 + ...management.io_clustermanagementaddons.yaml | 560 ++ ...er-management.io_managedclusteraddons.yaml | 400 ++ ...-management.io_managedserviceaccounts.yaml | 330 ++ .../addon-manager-clusterrolebinding.yaml | 16 + .../addontemplate/addondeploymentconfig.yaml | 9 + .../addontemplate/addontemplate.yaml | 145 + .../agent-registration-clusterrole.yaml | 36 + .../templates/k8s/addon.yaml | 11 + .../templates/k8s/clusterrole.yaml | 151 + .../templates/k8s/clusterrolebinding.yaml | 14 + .../templates/k8s/serviceaccount.yaml | 7 + .../templates/manager-deployment.yaml | 61 + .../templates/ocm-mc/addon.yaml | 45 + .../templates/ocm-mc/crds.yaml | 62 + charts/managed-serviceaccount/values.yaml | 26 + hack/scripts/import-crds.sh | 9 + 75 files changed, 4370 insertions(+), 5335 deletions(-) create mode 100644 charts/addon-manager/Chart.yaml create mode 100644 charts/addon-manager/crds/clustergatewayconfigurations.yaml create mode 100644 charts/addon-manager/templates/addon-manager.yaml create mode 100644 charts/addon-manager/templates/clustergatewayconfiguration.yaml create mode 100644 charts/addon-manager/templates/clustermanagementaddon.yaml create mode 100644 charts/addon-manager/templates/clusterrolebindings.yaml create mode 100644 charts/addon-manager/templates/clusterroles.yaml create mode 100644 
charts/addon-manager/templates/rolebinder-kubesystem.yaml create mode 100644 charts/addon-manager/templates/rolebinder.yaml create mode 100644 charts/addon-manager/templates/serviceaccount.yaml create mode 100644 charts/addon-manager/values.yaml create mode 100644 charts/cluster-gateway/Chart.yaml create mode 100644 charts/cluster-gateway/templates/apiservice.yaml create mode 100644 charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml create mode 100644 charts/cluster-gateway/templates/cluster-gateway-service.yaml create mode 100644 charts/cluster-gateway/templates/clusterrolebindings.yaml create mode 100644 charts/cluster-gateway/templates/clusterroles.yaml create mode 100644 charts/cluster-gateway/templates/rolebindings.yaml create mode 100644 charts/cluster-gateway/templates/secret-namespace.yaml create mode 100644 charts/cluster-gateway/templates/secret-rolebindings.yaml create mode 100644 charts/cluster-gateway/templates/secret-roles.yaml create mode 100644 charts/cluster-gateway/templates/serviceaccount.yaml create mode 100644 charts/cluster-gateway/values.yaml create mode 100644 charts/cluster-proxy/Chart.yaml create mode 100644 charts/cluster-proxy/common/clustermanagementaddon.yaml create mode 100644 charts/cluster-proxy/common/managedproxyconfiguration.yaml create mode 100644 charts/cluster-proxy/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml create mode 100644 charts/cluster-proxy/crds/managedproxyconfigurations.yaml create mode 100644 charts/cluster-proxy/crds/managedproxyserviceresolvers.yaml create mode 100644 charts/cluster-proxy/templates/clusterrole.yaml create mode 100644 charts/cluster-proxy/templates/clusterrolebinding.yaml create mode 100644 charts/cluster-proxy/templates/k8s/addon.yaml create mode 100644 charts/cluster-proxy/templates/manager-deployment.yaml create mode 100644 charts/cluster-proxy/templates/ocm-mc/addon.yaml create mode 100644 charts/cluster-proxy/templates/ocm-mc/crds.yaml create mode 100644 
charts/cluster-proxy/templates/role.yaml create mode 100644 charts/cluster-proxy/templates/rolebinding.yaml create mode 100644 charts/cluster-proxy/templates/serviceaccount.yaml create mode 100644 charts/cluster-proxy/values.yaml rename charts/fluxcd-addon-manager/{templates => common}/addon/clustermanagementaddon.yaml (100%) rename charts/fluxcd-addon-manager/{templates => common}/addon/clustersetsbinding.yaml (100%) create mode 100644 charts/fluxcd-addon-manager/common/addon/fluxcd_config.yaml rename charts/fluxcd-addon-manager/{templates => common}/addon/namespace.yaml (100%) rename charts/fluxcd-addon-manager/{templates => common}/addon/placement.yaml (100%) delete mode 100644 charts/fluxcd-addon-manager/templates/addon/fluxcd_config.yaml create mode 100644 charts/fluxcd-addon-manager/templates/deployment.yaml create mode 100644 charts/fluxcd-addon-manager/templates/k8s/addon.yaml rename charts/fluxcd-addon-manager/templates/{manager => k8s}/cluster_role.yaml (96%) rename charts/fluxcd-addon-manager/templates/{manager => k8s}/cluster_role_binding.yaml (84%) rename charts/fluxcd-addon-manager/templates/{manager => k8s}/serviceaccount.yaml (64%) delete mode 100644 charts/fluxcd-addon-manager/templates/manager/deployment.yaml create mode 100644 charts/fluxcd-addon-manager/templates/ocm-mc/addon.yaml create mode 100644 charts/fluxcd-addon-manager/templates/ocm-mc/crds.yaml create mode 100644 charts/managed-serviceaccount/Chart.yaml create mode 100644 charts/managed-serviceaccount/common/clustermanagementaddon.yaml create mode 100644 charts/managed-serviceaccount/common/managedclusteraddon.yaml create mode 100644 charts/managed-serviceaccount/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml create mode 100644 charts/managed-serviceaccount/crds/addon.open-cluster-management.io_managedclusteraddons.yaml create mode 100644 charts/managed-serviceaccount/crds/authentication.open-cluster-management.io_managedserviceaccounts.yaml create mode 100644 
charts/managed-serviceaccount/templates/addontemplate/addon-manager-clusterrolebinding.yaml create mode 100644 charts/managed-serviceaccount/templates/addontemplate/addondeploymentconfig.yaml create mode 100644 charts/managed-serviceaccount/templates/addontemplate/addontemplate.yaml create mode 100644 charts/managed-serviceaccount/templates/addontemplate/agent-registration-clusterrole.yaml create mode 100644 charts/managed-serviceaccount/templates/k8s/addon.yaml create mode 100644 charts/managed-serviceaccount/templates/k8s/clusterrole.yaml create mode 100644 charts/managed-serviceaccount/templates/k8s/clusterrolebinding.yaml create mode 100644 charts/managed-serviceaccount/templates/k8s/serviceaccount.yaml create mode 100644 charts/managed-serviceaccount/templates/manager-deployment.yaml create mode 100644 charts/managed-serviceaccount/templates/ocm-mc/addon.yaml create mode 100644 charts/managed-serviceaccount/templates/ocm-mc/crds.yaml create mode 100644 charts/managed-serviceaccount/values.yaml diff --git a/charts/addon-manager/Chart.yaml b/charts/addon-manager/Chart.yaml new file mode 100644 index 00000000..3c68a7f5 --- /dev/null +++ b/charts/addon-manager/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: cluster-gateway-addon-manager +description: A Helm chart for Cluster-Gateway Addon-Manager +type: application +version: 0.1.0 +appVersion: 1.0.0 diff --git a/charts/addon-manager/crds/clustergatewayconfigurations.yaml b/charts/addon-manager/crds/clustergatewayconfigurations.yaml new file mode 100644 index 00000000..b678a8ac --- /dev/null +++ b/charts/addon-manager/crds/clustergatewayconfigurations.yaml 
@@ -0,0 +1,182 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: clustergatewayconfigurations.proxy.open-cluster-management.io +spec: + group: proxy.open-cluster-management.io + names: + kind: ClusterGatewayConfiguration + listKind: ClusterGatewayConfigurationList + plural: clustergatewayconfigurations + singular: clustergatewayconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + egress: + properties: + clusterProxy: + properties: + credentials: + properties: + namespace: + type: string + proxyClientCASecretName: + type: string + proxyClientSecretName: + type: string + required: + - namespace + - proxyClientCASecretName + - proxyClientSecretName + type: object + proxyServerHost: + type: string + proxyServerPort: + format: int32 + type: integer + required: + - credentials + - proxyServerHost + - proxyServerPort + type: object + type: + type: string + required: + - type + type: object + image: + type: string + installNamespace: + type: string + secretManagement: + properties: + managedServiceAccount: + properties: + name: + default: cluster-gateway + type: string + type: object + type: + default: ManagedServiceAccount + enum: + - Manual + - ManagedServiceAccount + type: string + type: object + secretNamespace: + type: string + required: + - egress + - image + - installNamespace + - secretManagement + - secretNamespace + type: object + status: + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. 
This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastObservedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/addon-manager/templates/addon-manager.yaml b/charts/addon-manager/templates/addon-manager.yaml new file mode 100644 index 00000000..aa2300e7 --- /dev/null +++ b/charts/addon-manager/templates/addon-manager.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cluster-gateway-addon-manager + namespace: {{ .Release.Namespace }} + labels: + app: cluster-gateway-addon-manager +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: cluster-gateway-addon-manager + template: + metadata: + labels: + app: cluster-gateway-addon-manager + spec: + serviceAccount: cluster-gateway-addon-manager + containers: + - name: cluster-gateway-addon-manager + image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }} + imagePullPolicy: IfNotPresent + args: + - --leader-elect=true \ No newline at end of file diff --git a/charts/addon-manager/templates/clustergatewayconfiguration.yaml b/charts/addon-manager/templates/clustergatewayconfiguration.yaml new file mode 100644 index 00000000..6736d796 --- /dev/null +++ b/charts/addon-manager/templates/clustergatewayconfiguration.yaml 
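Review bot: The pod spec in charts/addon-manager/templates/addon-manager.yaml sets no `securityContext` on the pod or on the `cluster-gateway-addon-manager` container, although this workload runs under the service account that the same commit binds to a ClusterRole with wildcard access to secrets. If the image supports it (not visible here), add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}` to the container. `serviceAccount:` is the deprecated alias and should read `serviceAccountName: cluster-gateway-addon-manager`. The image reference falls back to the mutable tag `v` plus the chart version with `imagePullPolicy: IfNotPresent`, so a comment in values.yaml recommending a pinned digest for production installs would help.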
@@ -0,0 +1,29 @@
+apiVersion: proxy.open-cluster-management.io/v1alpha1
+kind: ClusterGatewayConfiguration
+metadata:
+ name: cluster-gateway
+spec:
+ image: {{ .Values.clusterGateway.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ installNamespace: {{ .Values.clusterGateway.installNamespace }}
+ secretNamespace: {{ .Values.clusterGateway.secretNamespace }}
+ secretManagement:
+ {{ if .Values.manualSecretManagement }}
+ type: Manual
+ {{ else }}
+ type: ManagedServiceAccount
+ managedServiceAccount:
+ name: cluster-gateway
+ {{ end }}
+ egress:
+ {{ if .Values.konnectivityEgress }}
+ type: ClusterProxy
+ clusterProxy:
+ proxyServerHost: "proxy-entrypoint.open-cluster-management-addon"
+ proxyServerPort: 8090
+ credentials:
+ namespace: open-cluster-management-addon
+ proxyClientCASecretName: proxy-server-ca
+ proxyClientSecretName: proxy-client
+ {{ else }}
+ type: Direct
+ {{ end }}
diff --git a/charts/addon-manager/templates/clustermanagementaddon.yaml b/charts/addon-manager/templates/clustermanagementaddon.yaml
new file mode 100644
index 00000000..f8357119
--- /dev/null
+++ b/charts/addon-manager/templates/clustermanagementaddon.yaml
@@ -0,0 +1,11 @@
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ClusterManagementAddOn
+metadata:
+ name: cluster-gateway
+spec:
+ addOnMeta:
+ displayName: cluster-gateway
+ description: cluster-gateway
+ addOnConfiguration:
+ crdName: clustergatewayconfigurations.proxy.open-cluster-management.io
+ crName: cluster-gateway
diff --git a/charts/addon-manager/templates/clusterrolebindings.yaml b/charts/addon-manager/templates/clusterrolebindings.yaml
new file mode 100644
index 00000000..fdcc427b
--- /dev/null
+++ b/charts/addon-manager/templates/clusterrolebindings.yaml
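Review bot: The `clusterProxy` block in clustergatewayconfiguration.yaml hard-codes the proxy host `proxy-entrypoint.open-cluster-management-addon` and the credentials namespace `open-cluster-management-addon`, while charts/cluster-gateway/values.yaml in this same commit defaults the endpoint to `proxy-entrypoint.open-cluster-management-cluster-proxy`. Whichever namespace the proxy server really runs in, one of the two is pointing at the wrong place, and the client certificate secrets are looked up in a namespace the operator cannot change. Expose these as values, for example `proxyServerHost: {{ .Values.clusterProxy.host | quote }}` (a proposed key, not an existing one). Separately, `spec.image` reuses `.Values.tag` for `clusterGateway.image`, so the manager and gateway images cannot be versioned independently.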
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway-addon-manager
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/addon-manager/templates/clusterroles.yaml b/charts/addon-manager/templates/clusterroles.yaml
new file mode 100644
index 00000000..55776083
--- /dev/null
+++ b/charts/addon-manager/templates/clusterroles.yaml
@@ -0,0 +1,128 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+rules:
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - managedclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - authentication.open-cluster-management.io
+ resources:
+ - managedserviceaccounts
+ verbs:
+ - "*"
+ - apiGroups:
+ - proxy.open-cluster-management.io
+ resources:
+ - clustergatewayconfigurations
+ verbs:
+ - "*"
+ - apiGroups:
+ - cluster.core.oam.dev
+ resources:
+ - clustergateways/health
+ - clustergateways/proxy
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - configmaps
+ - events
+ - serviceaccounts
+ - services
+ verbs:
+ - "*"
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - "*"
+ - apiGroups:
+ - work.open-cluster-management.io
+ resources:
+ - manifestworks
+ verbs:
+ - "*"
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - clustermanagementaddons
+ - managedclusteraddons
+ - clustermanagementaddons/status
+ - managedclusteraddons/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - flowcontrol.apiserver.k8s.io
+ resources:
+ - prioritylevelconfigurations
+ - flowschemas
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - create
+ - bind
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - "*"
+ - apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - "*"
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/addon-manager/templates/rolebinder-kubesystem.yaml b/charts/addon-manager/templates/rolebinder-kubesystem.yaml
new file mode 100644
index 00000000..057d06bf
--- /dev/null
+++ b/charts/addon-manager/templates/rolebinder-kubesystem.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: open-cluster-management:cluster-gateway:role-grantor
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway-addon-manager
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/addon-manager/templates/rolebinder.yaml b/charts/addon-manager/templates/rolebinder.yaml
new file mode 100644
index 00000000..937dacba
--- /dev/null
+++ b/charts/addon-manager/templates/rolebinder.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: open-cluster-management:cluster-gateway:role-grantor
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway-addon-manager
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/addon-manager/templates/serviceaccount.yaml b/charts/addon-manager/templates/serviceaccount.yaml
new file mode 100644
index 00000000..bf3c4d67
--- /dev/null
+++ b/charts/addon-manager/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cluster-gateway-addon-manager
+ namespace: {{ .Release.Namespace }}
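Review bot: The ClusterRole in charts/addon-manager/templates/clusterroles.yaml is named `...:managedcluster-reader` but grants `"*"` on `secrets`, `serviceaccounts`, `namespaces`, `configmaps` and `services` in every namespace, plus `create` and `bind` on `clusterroles` and `clusterrolebindings` with no `resourceNames` restriction. Bound cluster-wide to `cluster-gateway-addon-manager`, that gives the account read/write access to every Secret and lets it grant itself any existing ClusterRole, which is far beyond what the name tells an auditor. Keep the cluster-scoped role to the read rules, move the secret, service account and deployment rules into namespaced Roles for the install and secret namespaces, and limit `bind` with `resourceNames: [<roles the manager must grant>]` (placeholder, to be filled from the controller's needs). The two `role-grantor` RoleBindings in rolebinder-kubesystem.yaml and rolebinder.yaml reference the same ClusterRole that the ClusterRoleBinding already applies everywhere, so as written they add nothing and obscure the intent.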
diff --git a/charts/addon-manager/values.yaml b/charts/addon-manager/values.yaml
new file mode 100644
index 00000000..1f0ec3eb
--- /dev/null
+++ b/charts/addon-manager/values.yaml
@@ -0,0 +1,14 @@
+# Image of the cluster-gateway instances
+image: oamdev/cluster-gateway-addon-manager
+
+tag:
+
+clusterGateway:
+ image: oamdev/cluster-gateway
+ installNamespace: vela-system
+ secretNamespace: open-cluster-management-credentials
+# Number of replicas
+replicas: 1
+
+manualSecretManagement: true
+konnectivityEgress: false
\ No newline at end of file
diff --git a/charts/cluster-gateway/Chart.yaml b/charts/cluster-gateway/Chart.yaml
new file mode 100644
index 00000000..a85a6e86
--- /dev/null
+++ b/charts/cluster-gateway/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cluster-gateway
+description: A Helm chart for Cluster-Gateway
+type: application
+version: 0.1.0
+appVersion: 1.0.0
diff --git a/charts/cluster-gateway/templates/apiservice.yaml b/charts/cluster-gateway/templates/apiservice.yaml
new file mode 100644
index 00000000..48e42b3b
--- /dev/null
+++ b/charts/cluster-gateway/templates/apiservice.yaml
@@ -0,0 +1,17 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1alpha1.cluster.core.oam.dev
+ labels:
+ api: cluster-extension-apiserver
+ apiserver: "true"
+spec:
+ version: v1alpha1
+ group: cluster.core.oam.dev
+ groupPriorityMinimum: 2000
+ service:
+ name: gateway-service
+ namespace: {{ .Release.Namespace }}
+ port: 9443
+ versionPriority: 10
+ insecureSkipTLSVerify: true
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
new file mode 100644
index 00000000..b535a80a
--- /dev/null
+++ b/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml
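Review bot: `insecureSkipTLSVerify: true` on the last line of charts/cluster-gateway/templates/apiservice.yaml makes the kube-apiserver skip verification of the serving certificate on `gateway-service:9443`, so requests for `cluster.core.oam.dev` are forwarded to whatever answers on that Service. Because this aggregated API fronts access to managed clusters, the connection should be authenticated: drop the flag and set `caBundle:` from a value or a generated CA, for example `caBundle: {{ .Values.apiServiceCABundle }}` (a proposed key, not one that exists in values.yaml). The TODO in the gateway Deployment about the self-signed certificate expiring after a year suggests certificate management is still open, which is worth tracking together with this.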
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gateway-deployment
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: gateway
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: gateway
+ template:
+ metadata:
+ labels:
+ app: gateway
+ spec:
+ serviceAccount: cluster-gateway
+ volumes:
+ - name: proxy-client
+ secret:
+ secretName: proxy-client
+ - name: proxy-server-ca
+ secret:
+ secretName: proxy-server-ca
+ containers:
+ - name: gateway
+ image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ imagePullPolicy: IfNotPresent
+ args:
+ - --secure-port=9443
+ - --secret-namespace={{ .Values.secretNamespace }}
+ {{ if .Values.ocmIntegration.enabled }}
+ - --ocm-integration=true
+ {{ if .Values.ocmIntegration.clusterProxy.enabled }}
+ - --proxy-host={{ .Values.ocmIntegration.clusterProxy.endpoint.host }}
+ - --proxy-port={{ .Values.ocmIntegration.clusterProxy.endpoint.port }}
+ - --proxy-ca-cert=/etc/ca/ca.crt
+ - --proxy-cert=/etc/tls/tls.crt
+ - --proxy-key=/etc/tls/tls.key
+ {{ end }}
+ {{ end }}
+ - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}{{ if .Values.featureGate.secretCache }}SecretCache=true,{{ end }}
+ # TODO: certificate rotation, otherwise the self-signed will expire in 1 year
+ {{ if .Values.ocmIntegration.clusterProxy.enabled }}
+ volumeMounts:
+ - name: proxy-client
+ mountPath: "/etc/tls/"
+ readOnly: true
+ - name: proxy-server-ca
+ mountPath: "/etc/ca/"
+ readOnly: true
+ {{ end }}
+ ports:
+ - containerPort: 9443
diff --git a/charts/cluster-gateway/templates/cluster-gateway-service.yaml b/charts/cluster-gateway/templates/cluster-gateway-service.yaml
new file mode 100644
index 00000000..ab39dd29
--- /dev/null
+++ b/charts/cluster-gateway/templates/cluster-gateway-service.yaml
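Review bot: The `proxy-client` and `proxy-server-ca` secret volumes under `volumes:` are declared unconditionally, while their `volumeMounts` are guarded by `{{ if .Values.ocmIntegration.clusterProxy.enabled }}`. With the chart defaults (`clusterProxy.enabled: false`) the pod still references both Secrets, and a secret volume that is not marked `optional: true` blocks container start when the Secret is absent. Wrap the `volumes:` block in the same condition. That condition should also require `.Values.ocmIntegration.enabled`, as the `--proxy-*` args do, so that the TLS key is only mounted when the flags that use it are passed. The container has no `securityContext` either, and `serviceAccount:` should be `serviceAccountName: cluster-gateway`.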
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gateway-service
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ app: gateway
+ ports:
+ - protocol: TCP
+ port: 9443
+ targetPort: 9443
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/clusterrolebindings.yaml b/charts/cluster-gateway/templates/clusterrolebindings.yaml
new file mode 100644
index 00000000..9e4264d1
--- /dev/null
+++ b/charts/cluster-gateway/templates/clusterrolebindings.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/cluster-gateway/templates/clusterroles.yaml b/charts/cluster-gateway/templates/clusterroles.yaml
new file mode 100644
index 00000000..898c48d9
--- /dev/null
+++ b/charts/cluster-gateway/templates/clusterroles.yaml
@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: open-cluster-management:cluster-gateway:managedcluster-reader
+rules:
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - managedclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - flowcontrol.apiserver.k8s.io
+ resources:
+ - prioritylevelconfigurations
+ - flowschemas
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - "*"
\ No newline at end of file
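Review bot: The ClusterRole and ClusterRoleBinding in charts/cluster-gateway reuse the name `open-cluster-management:cluster-gateway:managedcluster-reader`, which charts/addon-manager in this same commit also creates with a much wider rule set and a different subject. The two charts therefore cannot own their RBAC independently: the second install will presumably either be rejected by Helm's ownership check or replace the first chart's object, so the permissions actually held by `cluster-gateway` depend on install order. Give each chart its own name, for example `open-cluster-management:cluster-gateway:apiserver` here. In clusterroles.yaml the `subjectaccessreviews` rule can be narrowed from `"*"` to `create`, which is the only verb the authorization API serves for that resource.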
diff --git a/charts/cluster-gateway/templates/rolebindings.yaml b/charts/cluster-gateway/templates/rolebindings.yaml
new file mode 100644
index 00000000..534c2301
--- /dev/null
+++ b/charts/cluster-gateway/templates/rolebindings.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: system:extension-apiserver-authentication-reader:cluster-gateway
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-namespace.yaml b/charts/cluster-gateway/templates/secret-namespace.yaml
new file mode 100644
index 00000000..9d2f362d
--- /dev/null
+++ b/charts/cluster-gateway/templates/secret-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.secretNamespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-rolebindings.yaml b/charts/cluster-gateway/templates/secret-rolebindings.yaml
new file mode 100644
index 00000000..ad3d6706
--- /dev/null
+++ b/charts/cluster-gateway/templates/secret-rolebindings.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cluster-gateway-secret-reader
+ namespace: {{ .Values.secretNamespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cluster-gateway-secret-reader
+subjects:
+ - kind: ServiceAccount
+ name: cluster-gateway
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/cluster-gateway/templates/secret-roles.yaml b/charts/cluster-gateway/templates/secret-roles.yaml
new file mode 100644
index 00000000..2db55f10
--- /dev/null
+++ b/charts/cluster-gateway/templates/secret-roles.yaml
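Review bot: secret-namespace.yaml creates the `{{ .Values.secretNamespace }}` Namespace as an ordinary release object, so uninstalling the chart deletes that namespace together with every managed-cluster credential Secret stored in it, and installation fails if the namespace already exists. The addon-manager values in this commit point at the same `open-cluster-management-credentials` namespace, so another component may well create or depend on it. Either make creation optional behind a value, or keep the namespace across uninstall by adding `annotations: {"helm.sh/resource-policy": keep}` under `metadata:`. A short comment in the template saying that this namespace holds cluster credentials would also help whoever reviews access to it.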
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cluster-gateway-secret-reader
+ namespace: {{ .Values.secretNamespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs:
+ - "*"
diff --git a/charts/cluster-gateway/templates/serviceaccount.yaml b/charts/cluster-gateway/templates/serviceaccount.yaml
new file mode 100644
index 00000000..fa08bddf
--- /dev/null
+++ b/charts/cluster-gateway/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cluster-gateway
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/cluster-gateway/values.yaml b/charts/cluster-gateway/values.yaml
new file mode 100644
index 00000000..4d1b13d1
--- /dev/null
+++ b/charts/cluster-gateway/values.yaml
@@ -0,0 +1,21 @@
+# Image of the cluster-gateway instances
+image: oamdev/cluster-gateway
+
+tag:
+
+# Number of replicas
+replicas: 1
+# A secured namespace for reading cluster secrets
+secretNamespace: open-cluster-management-credentials
+
+ocmIntegration:
+ enabled: false
+ clusterProxy:
+ enabled: false
+ endpoint:
+ host: proxy-entrypoint.open-cluster-management-cluster-proxy
+ port: 8090
+
+featureGate:
+ healthiness: false
+ secretCache: false
\ No newline at end of file
diff --git a/charts/cluster-proxy/Chart.yaml b/charts/cluster-proxy/Chart.yaml
new file mode 100644
index 00000000..050bce74
--- /dev/null
+++ b/charts/cluster-proxy/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cluster-proxy
+description: A Helm chart for Cluster-Proxy OCM Addon
+type: application
+version: 0.3.0
+appVersion: 1.0.0
diff --git a/charts/cluster-proxy/common/clustermanagementaddon.yaml b/charts/cluster-proxy/common/clustermanagementaddon.yaml
new file mode 100644
index 00000000..0418fc3a
--- /dev/null
+++ b/charts/cluster-proxy/common/clustermanagementaddon.yaml
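Review bot: The Role in secret-roles.yaml is called `cluster-gateway-secret-reader` and values.yaml describes the namespace as "for reading cluster secrets", yet the rule grants `"*"` on `secrets`, which includes create, update, patch and delete on the stored cluster credentials. Unless the gateway writes to this namespace (nothing in this commit shows that it does), restrict the rule to `verbs: ["get", "list", "watch"]`. If write access is in fact required, rename the Role and say so in a comment so the grant is not mistaken for read-only during an access review.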
@@ -0,0 +1,15 @@
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ClusterManagementAddOn
+metadata:
+ name: cluster-proxy
+spec:
+ addOnMeta:
+ displayName: cluster-proxy
+ description: cluster-proxy
+ supportedConfigs:
+ - group: proxy.open-cluster-management.io
+ resource: managedproxyconfigurations
+ defaultConfig:
+ name: cluster-proxy
+ - group: addon.open-cluster-management.io
+ resource: addondeploymentconfigs
diff --git a/charts/cluster-proxy/common/managedproxyconfiguration.yaml b/charts/cluster-proxy/common/managedproxyconfiguration.yaml
new file mode 100644
index 00000000..194d977f
--- /dev/null
+++ b/charts/cluster-proxy/common/managedproxyconfiguration.yaml
@@ -0,0 +1,29 @@
+apiVersion: proxy.open-cluster-management.io/v1alpha1
+kind: ManagedProxyConfiguration
+metadata:
+ name: cluster-proxy
+spec:
+ authentication:
+ dump:
+ secrets: {}
+ signer:
+ type: SelfSigned
+ proxyServer:
+ image: {{ .Values.proxyServerImage }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ replicas: {{ .Values.replicas }}
+ namespace: {{ .Release.Namespace }}
+ entrypoint:
+ {{- if .Values.proxyServer.entrypointAddress }}
+ type: Hostname
+ hostname:
+ value: {{ .Values.proxyServer.entrypointAddress }}
+ {{- else if .Values.proxyServer.entrypointLoadBalancer }}
+ type: LoadBalancerService
+ loadBalancerService: {}
+ {{- else }}
+ type: PortForward
+ {{- end }}
+ port: {{ .Values.proxyServer.port }}
+ proxyAgent:
+ image: {{ .Values.proxyAgentImage }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ replicas: {{ .Values.replicas }}
diff --git a/charts/cluster-proxy/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml b/charts/cluster-proxy/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
new file mode 100644
index 00000000..2f6a1dda
--- /dev/null
+++ b/charts/cluster-proxy/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
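Review bot: In `managedproxyconfiguration.yaml`, `hostname.value` is rendered from `.Values.proxyServer.entrypointAddress` without quoting, so an address that YAML reads as a non-string, or one containing `: `, produces a manifest that fails to parse or that the CRD schema (which types `value` as a string) rejects. I would write `value: {{ .Values.proxyServer.entrypointAddress | quote }}`. The same file fixes `signer.type` to `SelfSigned`, while the CRD added later in this patch also lists `Provided` and `CertManager`. A one-line comment saying that self-signed certificates are the only mode this chart configures would help operators who need certificates from an external CA.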
@@ -0,0 +1,560 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustermanagementaddons.addon.open-cluster-management.io +spec: + group: addon.open-cluster-management.io + names: + kind: ClusterManagementAddOn + listKind: ClusterManagementAddOnList + plural: clustermanagementaddons + shortNames: + - cma + - cmas + singular: clustermanagementaddon + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.addOnMeta.displayName + name: DISPLAY NAME + type: string + - jsonPath: .spec.addOnConfiguration.crdName + name: CRD NAME + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterManagementAddOn represents the registration of an add-on + to the cluster manager. This resource allows the user to discover which + add-on is available for the cluster manager and also provides metadata information + about the add-on. This resource also provides a linkage to ManagedClusterAddOn, + the name of the ClusterManagementAddOn resource will be used for the namespace-scoped + ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec represents a desired configuration for the agent on + the cluster management add-on. 
+ properties: + addOnConfiguration: + description: 'Deprecated: Use supportedConfigs filed instead addOnConfiguration + is a reference to configuration information for the add-on. In scenario + where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn + resources need to be created and reference the same AddOnConfiguration.' + properties: + crName: + description: crName is the name of the CR used to configure instances + of the managed add-on. This field should be configured if add-on + CR have a consistent name across the all of the ManagedCluster + instaces. + type: string + crdName: + description: crdName is the name of the CRD used to configure + instances of the managed add-on. This field should be configured + if the add-on have a CRD that controls the configuration of + the add-on. + type: string + lastObservedGeneration: + description: lastObservedGeneration is the observed generation + of the custom resource for the configuration of the addon. + format: int64 + type: integer + type: object + addOnMeta: + description: addOnMeta is a reference to the metadata information + for the add-on. + properties: + description: + description: description represents the detailed description of + the add-on. + type: string + displayName: + description: displayName represents the name of add-on that will + be displayed. + type: string + type: object + installStrategy: + default: + type: Manual + description: InstallStrategy represents that related ManagedClusterAddOns + should be installed on certain clusters. + properties: + placements: + description: Placements is a list of placement references honored + when install strategy type is Placements. All clusters selected + by these placements will install the addon If one cluster belongs + to multiple placements, it will only apply the strategy defined + later in the order. That is to say, The latter strategy overrides + the previous one. 
+ items: + properties: + configs: + description: Configs is the configuration of managedClusterAddon + during installation. User can override the configuration + by updating the managedClusterAddon directly. + items: + properties: + group: + default: "" + description: group of the add-on configuration. + type: string + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - name + - resource + type: object + type: array + name: + description: Name is the name of the placement + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the placement + minLength: 1 + type: string + rolloutStrategy: + default: + type: All + description: The rollout strategy to apply addon configurations + change. The rollout strategy only watches the addon configurations + defined in ClusterManagementAddOn. + properties: + all: + description: All define required fields for RolloutStrategy + type All + properties: + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + progressive: + description: Progressive define required fields for + RolloutStrategy type Progressive + properties: + mandatoryDecisionGroups: + description: List of the decision groups names or + indexes to apply the workload first and fail if + workload did not reach successful state. 
GroupName + or GroupIndex must match with the decisionGroups + defined in the placement's decisionStrategy + items: + description: MandatoryDecisionGroup set the decision + group name or group index. GroupName is considered + first to select the decisionGroups then GroupIndex. + properties: + groupIndex: + description: GroupIndex of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-index + format: int32 + type: integer + groupName: + description: GroupName of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-name + type: string + type: object + type: array + maxConcurrency: + anyOf: + - type: integer + - type: string + description: MaxConcurrency is the max number of + clusters to deploy workload concurrently. The + default value for MaxConcurrency is determined + from the clustersPerDecisionGroup defined in the + placement->DecisionStrategy. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + progressivePerGroup: + description: ProgressivePerGroup define required fields + for RolloutStrategy type ProgressivePerGroup + properties: + mandatoryDecisionGroups: + description: List of the decision groups names or + indexes to apply the workload first and fail if + workload did not reach successful state. 
GroupName + or GroupIndex must match with the decisionGroups + defined in the placement's decisionStrategy + items: + description: MandatoryDecisionGroup set the decision + group name or group index. GroupName is considered + first to select the decisionGroups then GroupIndex. + properties: + groupIndex: + description: GroupIndex of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-index + format: int32 + type: integer + groupName: + description: GroupName of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-name + type: string + type: object + type: array + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + type: + default: All + description: Rollout strategy Types are All, Progressive + and ProgressivePerGroup 1) All means apply the workload + to all clusters in the decision groups at once. 2) + Progressive means apply the workload to the selected + clusters progressively per cluster. The workload will + not be applied to the next cluster unless one of the + current applied clusters reach the successful state + or timeout. 3) ProgressivePerGroup means apply the + workload to decisionGroup clusters progressively per + group. The workload will not be applied to the next + decisionGroup unless all clusters in the current group + reach the successful state or timeout. 
+ enum: + - All + - Progressive + - ProgressivePerGroup + type: string + type: object + required: + - name + - namespace + type: object + type: array + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + type: + default: Manual + description: 'Type is the type of the install strategy, it can + be: - Manual: no automatic install - Placements: install to + clusters selected by placements.' + enum: + - Manual + - Placements + type: string + type: object + supportedConfigs: + description: supportedConfigs is a list of configuration types supported + by add-on. An empty list means the add-on does not require configurations. + The default is an empty list + items: + description: ConfigMeta represents a collection of metadata information + for add-on configuration. + properties: + defaultConfig: + description: defaultConfig represents the namespace and name + of the default add-on configuration. In scenario where all + add-ons have a same configuration. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + x-kubernetes-list-type: map + type: object + status: + description: status represents the current status of cluster management + add-on. + properties: + defaultconfigReferences: + description: defaultconfigReferences is a list of current add-on default + configuration references. + items: + description: DefaultConfigReference is a reference to the current + add-on configuration. 
This resource is used to record the configuration + resource for the current add-on. + properties: + desiredConfig: + description: desiredConfig record the desired config spec hash. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + installProgressions: + description: installProgression is a list of current add-on configuration + references per placement. + items: + properties: + conditions: + description: conditions describe the state of the managed and + monitored components for the operator. + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. 
If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configReferences: + description: configReferences is a list of current add-on configuration + references. 
+ items: + description: InstallConfigReference is a reference to the + current add-on configuration. This resource is used to record + the configuration resource for the current add-on. + properties: + desiredConfig: + description: desiredConfig record the desired config name + and spec hash. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + lastAppliedConfig: + description: lastAppliedConfig records the config spec + hash when the all the corresponding ManagedClusterAddOn + are applied successfully. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + lastKnownGoodConfig: + description: lastKnownGoodConfig records the last known + good config spec hash. For fresh install or rollout + with type UpdateAll or RollingUpdate, the lastKnownGoodConfig + is the same as lastAppliedConfig. For rollout with type + RollingUpdateWithCanary, the lastKnownGoodConfig is + the last successfully applied config spec hash of the + canary placement. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. 
+ type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + name: + description: Name is the name of the placement + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the placement + minLength: 1 + type: string + required: + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/cluster-proxy/crds/managedproxyconfigurations.yaml b/charts/cluster-proxy/crds/managedproxyconfigurations.yaml new file mode 100644 index 00000000..1597579e --- /dev/null +++ b/charts/cluster-proxy/crds/managedproxyconfigurations.yaml 
@@ -0,0 +1,399 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: managedproxyconfigurations.proxy.open-cluster-management.io +spec: + group: proxy.open-cluster-management.io + names: + kind: ManagedProxyConfiguration + listKind: ManagedProxyConfigurationList + plural: managedproxyconfigurations + singular: managedproxyconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagedProxyConfiguration is the Schema for the managedproxyconfigurations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedProxyConfigurationSpec is the prescription of ManagedProxyConfiguration + properties: + authentication: + description: '`authentication` defines how the credentials for the + authentication between proxy servers and proxy agents are signed + and mounted.' + properties: + dump: + description: '`dump` is where we store the signed certificates + from signers.' + properties: + secrets: + description: '`secrets` is the names of the secrets for saving + the signed certificates.' 
+ properties: + signingAgentServerSecretName: + default: agent-server + description: '`signingAgentServerSecretName` is the secret + name of the proxy servers to receive tunneling handshakes + from proxy agents.' + type: string + signingProxyClientSecretName: + default: proxy-client + description: '`signingProxyClientSecretName` is the secret + name for requesting/streaming over the proxy server.' + type: string + signingProxyServerSecretName: + default: proxy-server + description: '`signingProxyServerSecretName` the secret + name of the proxy server''s listening certificates for + serving proxy requests.' + type: string + type: object + type: object + signer: + description: '`signer` defines how we sign server and client certificates + for the proxy servers and agents.' + properties: + selfSigned: + description: '`selfSigned` prescribes the detail of how we + self-sign the certificates.' + properties: + additionalSANs: + description: '`additionalSANs` adds a few custom hostnames + or IPs to the signing certificates.' + items: + type: string + type: array + type: object + type: + default: SelfSigned + description: '`type` is the supported type of signer. Currently + only "SelfSign" supported.' + enum: + - SelfSigned + - Provided + - CertManager + type: string + type: object + type: object + deploy: + description: '`deploy` is where we override miscellaneous details + for deploying either proxy servers or agents.' + properties: + ports: + description: '`ports` is the ports for proxying and tunneling.' + properties: + adminServer: + default: 8095 + description: '`adminServer` is the port for debugging and + operating.' + format: int32 + type: integer + agentServer: + default: 8091 + description: '`agentServer` is the listening port of proxy + server for serving tunneling handshakes.' + format: int32 + type: integer + healthServer: + default: 8092 + description: '`healthServer` is for probing the healthiness.' 
+ format: int32 + type: integer + proxyServer: + default: 8090 + description: '`proxyServer` is the listening port of proxy + server for serving proxy requests.' + format: int32 + type: integer + type: object + required: + - ports + type: object + proxyAgent: + description: '`proxyServer` structurelized the arguments for running + proxy agents.' + properties: + additionalArgs: + description: '`additionalArgs` defines args used in proxy-agent.' + items: + type: string + type: array + image: + description: '`image` is the container image of the proxy agent.' + type: string + imagePullSecrets: + description: '`imagePullSecrets` defines the imagePullSecrets + used by proxy-agent' + items: + type: string + type: array + replicas: + default: 3 + description: '`replicas` is the replicas of the agents.' + format: int32 + type: integer + required: + - image + type: object + proxyServer: + description: '`proxyServer` structurelized the arguments for running + proxy servers.' + properties: + additionalArgs: + description: '`additionalArgs` adds arbitrary additional command + line args to the proxy-server.' + items: + type: string + type: array + entrypoint: + description: '`entrypoint` defines how will the proxy agents connecting + the servers.' + properties: + hostname: + description: '`hostname` points to a fixed hostname for serving + agents'' handshakes.' + properties: + value: + type: string + required: + - value + type: object + loadBalancerService: + description: '`loadBalancerService` points to a load-balancer + typed service in the hub cluster.' + properties: + annotations: + description: 'Annotations is the annoations of the load-balancer + service. 
This is for allowing customizing service using + vendor-specific extended annotations such as: - service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: + "intranet" - service.beta.kubernetes.io/azure-load-balancer-internal: + true' + items: + description: AnnotationVar list of annotation variables + to set in the LB Service. + properties: + key: + description: Key is the key of annotation + type: string + value: + description: Value is the value of annotation + type: string + required: + - key + type: object + type: array + name: + default: proxy-agent-entrypoint + description: '`name` is the name of the load-balancer + service. And the namespace will align to where the proxy-servers + are deployed.' + type: string + type: object + port: + default: 8091 + description: '`port` is the target port to access proxy servers' + format: int32 + minimum: 1 + type: integer + type: + description: '`type` is the type of the entrypoint of the + proxy servers. Currently supports "Hostname", "LoadBalancerService"' + enum: + - Hostname + - LoadBalancerService + - PortForward + type: string + required: + - type + type: object + image: + description: '`image` is the container image of the proxy servers.' + type: string + inClusterServiceName: + default: proxy-entrypoint + description: '`inClusterServiceName` is the name of the in-cluster + service for proxying requests inside the hub cluster to the + proxy servers.' + type: string + namespace: + default: open-cluster-management-cluster-proxy + description: '`namespace` is the namespace where we will deploy + the proxy servers and related resources.' + type: string + nodePlacement: + description: NodePlacement defines which Nodes the proxy server + are scheduled on. The default is an empty list. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines which Nodes the Pods are + scheduled on. The default is an empty list. 
+ type: object + tolerations: + description: Tolerations is attached by pods to tolerate any + taint that matches the triple using the + matching operator . The default is an empty list. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + default: 3 + description: '`replicas` is the expected replicas of the proxy + servers. Note that the replicas will also be reflected in the + flag `--server-count` so that agents can discover all the server + instances.' 
+ format: int32 + type: integer + required: + - image + type: object + required: + - authentication + - proxyAgent + - proxyServer + type: object + status: + description: ManagedProxyConfigurationStatus defines the observed state + of ManagedProxyConfiguration + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastObservedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/cluster-proxy/crds/managedproxyserviceresolvers.yaml b/charts/cluster-proxy/crds/managedproxyserviceresolvers.yaml new file mode 100644 index 00000000..3579f985 --- /dev/null +++ b/charts/cluster-proxy/crds/managedproxyserviceresolvers.yaml 
@@ -0,0 +1,180 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: managedproxyserviceresolvers.proxy.open-cluster-management.io +spec: + group: proxy.open-cluster-management.io + names: + kind: ManagedProxyServiceResolver + listKind: ManagedProxyServiceResolverList + plural: managedproxyserviceresolvers + singular: managedproxyserviceresolver + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ManagedProxyServiceResolver defines a target service that need + to expose from a set of managed clusters to the hub. To access a target + service on a managed cluster from hub. First, users need to apply a proper + ManagedProxyServiceResolver. The managed cluster should match the ManagedClusterSet + in the ManagedProxyServiceResolver.Spec. The serviceNamespace and serviceName + should also match the target service. A usage example: /examples/access-other-services/main.go' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedProxyServiceResolverSpec defines the desired state + of ManagedProxyServiceResolver. + properties: + managedClusterSelector: + description: ManagedClusterSelector selects a set of managed clusters. 
+ properties: + managedClusterSet: + description: ManagedClusterSet defines a set of managed clusters + that need to expose the service. + properties: + name: + description: Name is the name of the managed cluster set. + type: string + required: + - name + type: object + type: + default: ManagedClusterSet + description: Type represents the type of the selector. Now only + ManagedClusterSet is supported. + enum: + - ManagedClusterSet + type: string + type: object + serviceSelector: + description: ServiceSelector selects a service. + properties: + serviceRef: + description: ServiceRef defines a service in a namespace. + properties: + name: + description: Name represents the name of the service. + type: string + namespace: + description: Namespace represents the namespace of the service. + type: string + required: + - name + - namespace + type: object + type: + default: ServiceRef + description: Type represents the type of the selector. Now only + ServiceRef type is supported. + enum: + - ServiceRef + type: string + type: object + required: + - managedClusterSelector + - serviceSelector + type: object + status: + description: ManagedProxyServiceResolverStatus defines the observed state + of ManagedProxyServiceResolver. + properties: + conditions: + description: Conditions contains the different condition statuses + for this ManagedProxyServiceResolver. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/cluster-proxy/templates/clusterrole.yaml b/charts/cluster-proxy/templates/clusterrole.yaml new file mode 100644 index 00000000..308271b6 --- /dev/null +++ b/charts/cluster-proxy/templates/clusterrole.yaml 
@@ -0,0 +1,125 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: open-cluster-management:cluster-proxy:addon-manager
+rules:
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - managedclusters
+ - managedclustersets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - clustermanagementaddons
+ - managedclusteraddons
+ - clustermanagementaddons/status
+ - clustermanagementaddons/finalizers
+ - managedclusteraddons/status
+ verbs:
+ - '*'
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - addondeploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons/finalizers
+ verbs:
+ - '*'
+ - apiGroups:
+ - proxy.open-cluster-management.io
+ resources:
+ - managedproxyconfigurations
+ - managedproxyconfigurations/status
+ - managedproxyconfigurations/finalizers
+ - managedproxyserviceresolvers
+ - managedproxyserviceresolvers/status
+ - managedproxyserviceresolvers/finalizers
+ verbs:
+ - '*'
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ - certificatesigningrequests/approval
+ - certificatesigningrequests/status
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - signers
+ verbs:
+ - "*"
+ resourceNames:
+ - open-cluster-management.io/proxy-agent-signer
+ - kubernetes.io/kube-apiserver-client
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - pods
+ - pods/portforward
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - work.open-cluster-management.io
+ resources:
+ - manifestworks
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - "*"
diff --git a/charts/cluster-proxy/templates/clusterrolebinding.yaml b/charts/cluster-proxy/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..c9ca1a9a
--- /dev/null
+++ b/charts/cluster-proxy/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: open-cluster-management:cluster-proxy:addon-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: open-cluster-management:cluster-proxy:addon-manager
+subjects:
+ - kind: ServiceAccount
+ name: cluster-proxy
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/cluster-proxy/templates/k8s/addon.yaml b/charts/cluster-proxy/templates/k8s/addon.yaml
new file mode 100644
index 00000000..06a580ba
--- /dev/null
+++ b/charts/cluster-proxy/templates/k8s/addon.yaml
@@ -0,0 +1,9 @@
+{{- if not .Values.kubeconfigSecretName }}
+
+{{- $restpl := $.Files.Get "common/clustermanagementaddon.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/managedproxyconfiguration.yaml" -}}
+{{ tpl $restpl $ }}
+
+{{- end }}
diff --git a/charts/cluster-proxy/templates/manager-deployment.yaml b/charts/cluster-proxy/templates/manager-deployment.yaml
new file mode 100644
index 00000000..15bab1dc
--- /dev/null
+++ b/charts/cluster-proxy/templates/manager-deployment.yaml
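Review bot: In `templates/clusterrole.yaml` the core-group rule grants `"*"` on `secrets`, `namespaces`, `pods` and `pods/portforward` cluster-wide, so the `cluster-proxy` service account can read every Secret in every namespace (service-account tokens included), which is close to cluster-admin in effect. The `signers` rule is similarly broad: `"*"` on `kubernetes.io/kube-apiserver-client` includes `approve` and `sign`, and combined with `update` on `certificatesigningrequests/approval` it lets the manager approve API-server client certificates. I would replace the wildcards with the verbs the controller actually uses, for example `- approve` and `- sign` under `signers`, and move Secret access into a namespaced Role for the release namespace if the manager only needs the signer secret there (the `--signer-secret-namespace` argument in manager-deployment.yaml points that way, but this needs confirming against the controller). Any wildcard that has to stay deserves a one-line comment above the rule saying why it is required.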
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cluster-proxy-addon-manager
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ open-cluster-management.io/addon: cluster-proxy
+ template:
+ metadata:
+ labels:
+ open-cluster-management.io/addon: cluster-proxy
+ spec:
+ serviceAccount: cluster-proxy
+ automountServiceAccountToken: true
+ containers:
+ - name: manager
+ image: {{ .Values.registry }}/{{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ imagePullPolicy: Always
+ command:
+ - /manager
+ args:
+ {{- if gt (int .Values.replicas) 1 }}
+ - --leader-elect=true
+ {{- end }}
+ - --signer-secret-namespace={{ .Release.Namespace }}
+ - --agent-install-all=true
+ {{- if .Values.kubeconfigSecretName }}
+ - --multicluster-kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
+ {{- end }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ {{- if .Values.kubeconfigSecretName }}
+ - mountPath: /var/run/secrets/ocm/auth
+ name: ocm-auth
+ {{- end }}
+ volumes:
+ {{- if .Values.kubeconfigSecretName }}
+ - name: ocm-auth
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubeconfigSecretName }}
+ {{- end }}
diff --git a/charts/cluster-proxy/templates/ocm-mc/addon.yaml b/charts/cluster-proxy/templates/ocm-mc/addon.yaml
new file mode 100644
index 00000000..662cd3fb
--- /dev/null
+++ b/charts/cluster-proxy/templates/ocm-mc/addon.yaml
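Review bot: The container `securityContext` in `templates/manager-deployment.yaml` sets no seccomp profile, so the manager runs unconfined unless the kubelet is configured to default seccomp, and the pod would not meet the Pod Security `restricted` profile; adding `seccompProfile:` with `type: RuntimeDefault` next to `runAsNonRoot: true` closes that gap. The image is referenced by a mutable tag with `imagePullPolicy: Always`, so a restart can pull different content under the same tag into a pod that holds the cluster-wide `cluster-proxy` service account; letting values supply an image digest would pin it. `serviceAccount:` is the deprecated alias and is better written as `serviceAccountName: cluster-proxy`.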
@@ -0,0 +1,45 @@ +{{- if .Values.kubeconfigSecretName }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: cluster-proxy-configure-addon + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook-weight": "2" + "helm.sh/hook": post-install,post-upgrade,post-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +spec: + ttlSecondsAfterFinished: 0 + backoffLimit: 3 + template: + spec: + automountServiceAccountToken: false + containers: + - name: kubectl + image: {{ .Values.kubectl.image }} + workingDir: /var/run/secrets/ocm + command: + - sh + - -c + - | + sleep 2; \ + kubectl --kubeconfig=auth/kubeconfig apply -f - < matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -530,90 +227,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -625,33 +261,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -659,66 +276,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -730,95 +303,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -830,42 +337,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -874,57 +358,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -936,90 +381,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1031,33 +415,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -1084,41 +449,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array 
@@ -1140,64 +481,22 @@ spec: helmController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -1207,35 +506,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -1247,8 +524,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -1257,53 +532,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1313,35 +553,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1359,66 +577,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1430,95 +604,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1530,42 +638,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -1574,57 +659,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1636,90 +682,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -1731,33 +716,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -1765,66 +731,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1836,95 +758,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -1936,42 +792,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -1980,57 +813,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -2042,90 +836,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -2137,33 +870,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -2186,107 +900,58 @@ spec: type: boolean extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -2300,8 +965,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -2319,8 +982,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -2329,8 +990,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2339,10 +998,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccount: 
@@ -2362,41 +1017,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array 
@@ -2406,64 +1037,22 @@ spec: imageAutomationController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -2473,35 +1062,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -2513,8 +1080,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -2523,53 +1088,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -2579,35 +1109,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -2625,66 +1133,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -2696,95 +1160,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -2796,42 +1194,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -2840,57 +1215,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -2902,90 +1238,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -2997,33 +1272,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -3031,66 +1287,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -3102,95 +1314,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -3202,42 +1348,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -3246,57 +1369,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -3308,90 +1392,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -3403,33 +1426,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -3452,107 +1456,58 @@ spec: type: boolean extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -3566,8 +1521,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -3585,8 +1538,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -3595,8 +1546,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3605,10 +1554,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccount: 
@@ -3628,41 +1573,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array @@ -3671,12 +1592,8 @@ spec: type: object imagePullSecrets: items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic 
@@ -3684,64 +1601,22 @@ spec: imageReflectionController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -3751,35 +1626,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -3791,8 +1644,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -3801,53 +1652,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -3857,35 +1673,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -3903,66 +1697,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -3974,95 +1724,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -4074,42 +1758,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -4118,57 +1779,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -4180,90 +1802,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -4275,33 +1836,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -4309,66 +1851,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -4380,95 +1878,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -4480,42 +1912,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -4524,57 +1933,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -4586,90 +1956,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -4681,33 +1990,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -4730,107 +2020,58 @@ spec: type: boolean extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4844,8 +2085,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -4863,8 +2102,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -4873,8 +2110,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4883,10 +2118,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccount: 
@@ -4906,41 +2137,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array 
@@ -4952,64 +2159,22 @@ spec: kustomizeController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -5019,35 +2184,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -5059,8 +2202,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -5069,53 +2210,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5125,35 +2231,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5171,66 +2255,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5242,95 +2282,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5342,42 +2316,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -5386,57 +2337,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5448,90 +2360,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5543,33 +2394,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -5577,66 +2409,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5648,95 +2436,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -5748,42 +2470,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -5792,57 +2491,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -5854,90 +2514,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -5949,33 +2548,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -6001,121 +2581,68 @@ spec: map: properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object secret: properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object type: object extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -6128,37 +2655,18 @@ spec: type: array extraSecretMounts: items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -6168,8 +2676,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -6187,8 +2693,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -6197,8 +2701,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6207,10 +2709,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object secret: 
@@ -6243,41 +2741,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array 
@@ -6298,64 +2772,22 @@ spec: notificationController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -6365,35 +2797,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -6405,8 +2815,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -6415,53 +2823,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -6471,35 +2844,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -6517,66 +2868,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -6588,95 +2895,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -6688,42 +2929,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -6732,57 +2950,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -6794,90 +2973,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -6889,33 +3007,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -6923,66 +3022,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -6994,95 +3049,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -7094,42 +3083,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -7138,57 +3104,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -7200,90 +3127,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -7295,33 +3161,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -7344,107 +3191,58 @@ spec: type: boolean extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -7458,8 +3256,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -7477,8 +3273,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -7487,8 +3281,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -7497,10 +3289,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object service: 
@@ -7531,41 +3319,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array 
@@ -7607,27 +3371,13 @@ spec: type: object tls: items: - description: IngressTLS describes the transport layer - security associated with an ingress. properties: hosts: - description: hosts is a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. items: type: string type: array x-kubernetes-list-type: atomic secretName: - description: secretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on - SNI hostname alone. If the SNI host in a listener - conflicts with the "Host" header field used by - an IngressRule, the SNI host is used for termination - and value of the "Host" header is used for routing. type: string type: object type: array 
@@ -7706,64 +3456,22 @@ spec: sourceController: properties: affinity: - description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). properties: preference: - description: A node selector term, associated with - the corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. 
If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -7773,35 +3481,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array @@ -7813,8 +3499,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: 
@@ -7823,53 +3507,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from - its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term - matches no objects. The requirements of them are - ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -7879,35 +3528,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is - a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. type: string values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. If the - operator is Gt or Lt, the values array - must have a single element, which will - be interpreted as an integer. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -7925,66 +3552,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -7996,95 +3579,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -8096,42 +3613,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -8140,57 +3634,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -8202,90 +3657,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -8297,33 +3691,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -8331,66 +3706,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node that - violates one or more of the expressions. The node that - is most preferred is the one with the greatest sum of - weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. 
If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -8402,95 +3733,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key in (value)` to select the group of - existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) - affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value - is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature - gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod - label keys to select which pods will be taken - into consideration. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are merged with `LabelSelector` - as `key notin (value)` to select the group - of existing pods which pods will be taken - into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist - in the incoming pod labels will be ignored. - The default value is empty. The same key is - forbidden to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. properties: key: - description: key is the label key - that the selector applies to. type: string operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. items: type: string type: array 
@@ -8502,42 +3767,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -8546,57 +3788,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod - label update), the system may or may not try to eventually - evict the pod from its node. When there are multiple - elements, the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any node - on which a pod of the set of pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
items: type: string type: array 
@@ -8608,90 +3811,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array 
@@ -8703,33 +3845,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -8752,107 +3875,58 @@ spec: type: boolean extraEnv: items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. 
type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -8866,8 +3940,6 @@ spec: image: type: string imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull - a container image enum: - Always - Never @@ -8885,8 +3957,6 @@ spec: priorityClassName: type: string resources: - description: ResourceRequirements describes the compute resource - requirements. properties: limits: additionalProperties: 
@@ -8895,8 +3965,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -8905,10 +3973,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object service: 
@@ -8939,41 +4003,17 @@ spec: type: string tolerations: items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array diff --git a/charts/fluxcd-addon-manager/templates/addon/fluxcd_config.yaml b/charts/fluxcd-addon-manager/templates/addon/fluxcd_config.yaml deleted file mode 100644 index a5d633e0..00000000 --- a/charts/fluxcd-addon-manager/templates/addon/fluxcd_config.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: fluxcd.open-cluster-management.io/v1alpha1 -kind: FluxCDConfig -metadata: - labels: - app.kubernetes.io/name: fluxcdconfig - app.kubernetes.io/instance: fluxcdconfig - app.kubernetes.io/part-of: api - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: api - name: fluxcd-config - namespace: fluxcd-addon -spec: - installCRDs: {{ .Values.installCRDs }} - clusterDomain: {{ .Values.clusterDomain }} - multitenancy: - {{- toYaml .Values.multitenancy | nindent 4}} - cli: - {{- toYaml .Values.cli | nindent 4}} - - # controllers - helmController: - {{- toYaml .Values.helmController | nindent 4}} - imageAutomationController: - {{- toYaml .Values.imageAutomationController | nindent 4}} - imageReflectionController: - {{- toYaml .Values.imageReflectionController | nindent 4}} - kustomizeController: - {{- toYaml .Values.kustomizeController | nindent 4}} - notificationController: - {{- toYaml .Values.notificationController | nindent 4}} - sourceController: - {{- toYaml .Values.sourceController | nindent 4}} - - - policies: - {{- toYaml .Values.policies | nindent 4}} - rbac: - {{- toYaml .Values.rbac | nindent 4}} - logLevel: {{ .Values.logLevel }} - watchAllNamespaces: {{ .Values.watchAllNamespaces }} - # -- contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers - imagePullSecrets: - {{- toYaml .Values.imagePullSecrets | nindent 4}} - # -- Array of extra K8s manifests to deploy - extraObjects: - {{- toYaml .Values.extraObjects | nindent 4}} - prometheus: - {{- toYaml .Values.prometheus | nindent 4}} \ No newline at end of file diff --git a/charts/fluxcd-addon-manager/templates/deployment.yaml b/charts/fluxcd-addon-manager/templates/deployment.yaml new file mode 100644 index 00000000..95cad2e0 --- /dev/null +++ b/charts/fluxcd-addon-manager/templates/deployment.yaml 
@@ -0,0 +1,44 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: fluxcd-addon-manager
+ namespace: {{ ternary "fluxcd-addon" .Release.Namespace (empty .Values.kubeconfigSecretName) }}
+ labels:
+ app: fluxcd-addon-manager
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: fluxcd-addon-manager
+ template:
+ metadata:
+ labels:
+ app: fluxcd-addon-manager
+ spec:
+ {{- if .Values.kubeconfigSecretName }}
+ automountServiceAccountToken: false
+ {{- else }}
+ serviceAccount: fluxcd-addon-manager
+ automountServiceAccountToken: true
+ {{- end }}
+ containers:
+ - name: manager
+ image: {{ .Values.image }}:{{ .Values.tag | default .Chart.AppVersion }}
+ imagePullPolicy: IfNotPresent
+ args:
+ - manager
+ {{- if .Values.kubeconfigSecretName }}
+ - --kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.kubeconfigSecretName }}
+ - mountPath: /var/run/secrets/ocm/auth
+ name: ocm-auth
+ {{- end }}
+ volumes:
+ {{- if .Values.kubeconfigSecretName }}
+ - name: ocm-auth
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubeconfigSecretName }}
+ {{- end }}
diff --git a/charts/fluxcd-addon-manager/templates/k8s/addon.yaml b/charts/fluxcd-addon-manager/templates/k8s/addon.yaml
new file mode 100644
index 00000000..ee52c7fd
--- /dev/null
+++ b/charts/fluxcd-addon-manager/templates/k8s/addon.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.kubeconfigSecretName }}
+
+{{- $restpl := $.Files.Get "common/addon/namespace.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/clustermanagementaddon.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/clustersetsbinding.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/fluxcd_config.yaml" -}}
+{{ tpl $restpl $ }}
+---
+{{- $restpl := $.Files.Get "common/addon/placement.yaml" -}}
+{{ tpl $restpl $ }}
+
+{{- end }}
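Review bot: The `ocm-auth` volume at the end of the new templates/deployment.yaml mounts the kubeconfig Secret with `defaultMode: 420` (octal 0644), which leaves the hub credential readable by every user in the container, and the `manager` container sets no `securityContext`. `defaultMode: 288` (0440) with a pod-level `fsGroup`, or `defaultMode: 256` (0400) when the process runs as the file owner, would be tighter, and the container settings in the fence below limit what a compromised manager process can do; whether the image tolerates `runAsNonRoot` and a read-only root filesystem is not visible here and needs a test install. The `kubectl` container of the hook Job in templates/ocm-mc/addon.yaml has the same `securityContext` gap, as far as that hunk is visible on this page. In the `else` branch, `serviceAccount:` is the deprecated alias of the field the deleted manager/deployment.yaml used, `serviceAccountName: fluxcd-addon-manager`.

```yaml
      # … unchanged: pod spec conditionals, container name and image …
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: args, volumeMounts, volumes …
```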
diff --git a/charts/fluxcd-addon-manager/templates/manager/cluster_role.yaml b/charts/fluxcd-addon-manager/templates/k8s/cluster_role.yaml similarity index 96% rename from charts/fluxcd-addon-manager/templates/manager/cluster_role.yaml rename to charts/fluxcd-addon-manager/templates/k8s/cluster_role.yaml index d9fe0c8e..c501d0f2 100644 --- a/charts/fluxcd-addon-manager/templates/manager/cluster_role.yaml +++ b/charts/fluxcd-addon-manager/templates/k8s/cluster_role.yaml @@ -1,3 +1,5 @@ +{{- if not .Values.kubeconfigSecretName }} + kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -50,4 +52,6 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["fluxcd.open-cluster-management.io"] resources: ["fluxcdconfigs"] - verbs: ["get", "list", "watch"] \ No newline at end of file + verbs: ["get", "list", "watch"] + +{{- end }} diff --git a/charts/fluxcd-addon-manager/templates/manager/cluster_role_binding.yaml b/charts/fluxcd-addon-manager/templates/k8s/cluster_role_binding.yaml similarity index 84% rename from charts/fluxcd-addon-manager/templates/manager/cluster_role_binding.yaml rename to charts/fluxcd-addon-manager/templates/k8s/cluster_role_binding.yaml index 808ba8b3..45338e59 100644 --- a/charts/fluxcd-addon-manager/templates/manager/cluster_role_binding.yaml +++ b/charts/fluxcd-addon-manager/templates/k8s/cluster_role_binding.yaml @@ -1,3 +1,5 @@ +{{- if not .Values.kubeconfigSecretName }} + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,3 +12,5 @@ subjects: - kind: ServiceAccount name: fluxcd-addon-manager namespace: fluxcd-addon + +{{- end }} diff --git a/charts/fluxcd-addon-manager/templates/manager/serviceaccount.yaml b/charts/fluxcd-addon-manager/templates/k8s/serviceaccount.yaml similarity index 64% rename from charts/fluxcd-addon-manager/templates/manager/serviceaccount.yaml rename to charts/fluxcd-addon-manager/templates/k8s/serviceaccount.yaml index c538f27e..9d2e19e5 100644 
--- a/charts/fluxcd-addon-manager/templates/manager/serviceaccount.yaml +++ b/charts/fluxcd-addon-manager/templates/k8s/serviceaccount.yaml @@ -1,5 +1,9 @@ +{{- if not .Values.kubeconfigSecretName }} + apiVersion: v1 kind: ServiceAccount metadata: name: fluxcd-addon-manager namespace: fluxcd-addon + +{{- end }} diff --git a/charts/fluxcd-addon-manager/templates/manager/deployment.yaml b/charts/fluxcd-addon-manager/templates/manager/deployment.yaml deleted file mode 100644 index fa84d8e2..00000000 --- a/charts/fluxcd-addon-manager/templates/manager/deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: fluxcd-addon-manager - namespace: fluxcd-addon - labels: - app: fluxcd-addon-manager -spec: - replicas: 1 - selector: - matchLabels: - app: fluxcd-addon-manager - template: - metadata: - labels: - app: fluxcd-addon-manager - spec: - serviceAccountName: fluxcd-addon-manager - containers: - - name: fluxcd-addon-manager - image: ghcr.io/kluster-manager/fluxcd-addon:v0.0.1 - imagePullPolicy: IfNotPresent - args: - - manager diff --git a/charts/fluxcd-addon-manager/templates/ocm-mc/addon.yaml b/charts/fluxcd-addon-manager/templates/ocm-mc/addon.yaml new file mode 100644 index 00000000..a3a1faed --- /dev/null +++ b/charts/fluxcd-addon-manager/templates/ocm-mc/addon.yaml 
@@ -0,0 +1,54 @@ +{{- if .Values.kubeconfigSecretName }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: fluxcd-configure-addon + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook-weight": "2" + "helm.sh/hook": post-install,post-upgrade,post-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +spec: + ttlSecondsAfterFinished: 0 + backoffLimit: 3 + template: + spec: + automountServiceAccountToken: false + containers: + - name: kubectl + image: {{ .Values.kubectl.image }} + workingDir: /var/run/secrets/ocm + command: + - sh + - -c + - | + sleep 2; \ + kubectl --kubeconfig=auth/kubeconfig apply -f - < -# secretkey: - -# Enables podMonitor creation for the Prometheus Operator -prometheus: - podMonitor: - # -- Enables podMonitor endpoint - create: false - podMetricsEndpoints: - - port: http-prom - relabelings: - # https://github.com/prometheus-operator/prometheus-operator/issues/4816 - - sourceLabels: [ __meta_kubernetes_pod_phase ] - action: keep - regex: Running \ No newline at end of file +fluxcdConfig: + installCRDs: true diff --git a/charts/managed-serviceaccount/Chart.yaml b/charts/managed-serviceaccount/Chart.yaml new file mode 100644 index 00000000..8fd867ad --- /dev/null +++ b/charts/managed-serviceaccount/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: managed-serviceaccount +description: A Helm chart for Managed ServiceAccount Addon +type: application +version: 0.4.0 +appVersion: 1.0.0 diff --git a/charts/managed-serviceaccount/common/clustermanagementaddon.yaml b/charts/managed-serviceaccount/common/clustermanagementaddon.yaml new file mode 100644 index 00000000..2b15b830 --- /dev/null +++ b/charts/managed-serviceaccount/common/clustermanagementaddon.yaml 
@@ -0,0 +1,26 @@
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ClusterManagementAddOn
+metadata:
+ name: managed-serviceaccount
+{{- if eq .Values.hubDeployMode "AddOnTemplate" }}
+ annotations:
+ addon.open-cluster-management.io/lifecycle: "addon-manager"
+{{- end }}
+spec:
+ addOnMeta:
+ displayName: managed-serviceaccount
+ description: managed-serviceaccount
+{{- if .Values.enableAddOnDeploymentConfig }}
+ supportedConfigs:
+ - group: addon.open-cluster-management.io
+ resource: addondeploymentconfigs
+{{- end }}
+{{- if eq .Values.hubDeployMode "AddOnTemplate" }}
+ defaultConfig:
+ namespace: {{ .Release.Namespace }}
+ name: managed-serviceaccount-addon-deploy-config
+ - group: addon.open-cluster-management.io
+ resource: addontemplates
+ defaultConfig:
+ name: {{ .Values.addOnTemplateName | default (print "managed-serviceaccount-" .Chart.Version) }}
+{{- end }}
diff --git a/charts/managed-serviceaccount/common/managedclusteraddon.yaml b/charts/managed-serviceaccount/common/managedclusteraddon.yaml
new file mode 100644
index 00000000..e8a115e7
--- /dev/null
+++ b/charts/managed-serviceaccount/common/managedclusteraddon.yaml
@@ -0,0 +1,13 @@
+{{ if .Values.targetCluster }}
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+ name: managed-serviceaccount
+ namespace: {{ .Values.targetCluster }}
+spec:
+{{ if eq .Values.hubDeployMode "AddOnTemplate" }}
+ installNamespace: "open-cluster-management-agent-addon"
+{{ else }}
+ installNamespace: "open-cluster-management-managed-serviceaccount"
+{{ end }}
+{{ end }}
diff --git a/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml b/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
new file mode 100644
index 00000000..2f6a1dda
--- /dev/null
+++ b/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_clustermanagementaddons.yaml
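Review bot: In common/clustermanagementaddon.yaml the `AddOnTemplate` block near the end opens with a bare `defaultConfig:` that continues the `addondeploymentconfigs` list item, but that item and the `supportedConfigs:` key are emitted only when `.Values.enableAddOnDeploymentConfig` is set. With `hubDeployMode: AddOnTemplate` and `enableAddOnDeploymentConfig` false, the rendered `spec` would carry a `defaultConfig` and a list entry with no `supportedConfigs:` parent; the original indentation is not recoverable from this page, so the exact failure (parse error or misplaced keys) is inferred. Either nest the second `if` inside the first, or reject the combination up front with `{{- if and (eq .Values.hubDeployMode "AddOnTemplate") (not .Values.enableAddOnDeploymentConfig) }}{{ fail "hubDeployMode=AddOnTemplate requires enableAddOnDeploymentConfig=true" }}{{- end }}`.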
@@ -0,0 +1,560 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustermanagementaddons.addon.open-cluster-management.io +spec: + group: addon.open-cluster-management.io + names: + kind: ClusterManagementAddOn + listKind: ClusterManagementAddOnList + plural: clustermanagementaddons + shortNames: + - cma + - cmas + singular: clustermanagementaddon + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.addOnMeta.displayName + name: DISPLAY NAME + type: string + - jsonPath: .spec.addOnConfiguration.crdName + name: CRD NAME + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterManagementAddOn represents the registration of an add-on + to the cluster manager. This resource allows the user to discover which + add-on is available for the cluster manager and also provides metadata information + about the add-on. This resource also provides a linkage to ManagedClusterAddOn, + the name of the ClusterManagementAddOn resource will be used for the namespace-scoped + ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped + resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec represents a desired configuration for the agent on + the cluster management add-on. 
+ properties: + addOnConfiguration: + description: 'Deprecated: Use supportedConfigs filed instead addOnConfiguration + is a reference to configuration information for the add-on. In scenario + where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn + resources need to be created and reference the same AddOnConfiguration.' + properties: + crName: + description: crName is the name of the CR used to configure instances + of the managed add-on. This field should be configured if add-on + CR have a consistent name across the all of the ManagedCluster + instaces. + type: string + crdName: + description: crdName is the name of the CRD used to configure + instances of the managed add-on. This field should be configured + if the add-on have a CRD that controls the configuration of + the add-on. + type: string + lastObservedGeneration: + description: lastObservedGeneration is the observed generation + of the custom resource for the configuration of the addon. + format: int64 + type: integer + type: object + addOnMeta: + description: addOnMeta is a reference to the metadata information + for the add-on. + properties: + description: + description: description represents the detailed description of + the add-on. + type: string + displayName: + description: displayName represents the name of add-on that will + be displayed. + type: string + type: object + installStrategy: + default: + type: Manual + description: InstallStrategy represents that related ManagedClusterAddOns + should be installed on certain clusters. + properties: + placements: + description: Placements is a list of placement references honored + when install strategy type is Placements. All clusters selected + by these placements will install the addon If one cluster belongs + to multiple placements, it will only apply the strategy defined + later in the order. That is to say, The latter strategy overrides + the previous one. 
+ items: + properties: + configs: + description: Configs is the configuration of managedClusterAddon + during installation. User can override the configuration + by updating the managedClusterAddon directly. + items: + properties: + group: + default: "" + description: group of the add-on configuration. + type: string + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - name + - resource + type: object + type: array + name: + description: Name is the name of the placement + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the placement + minLength: 1 + type: string + rolloutStrategy: + default: + type: All + description: The rollout strategy to apply addon configurations + change. The rollout strategy only watches the addon configurations + defined in ClusterManagementAddOn. + properties: + all: + description: All define required fields for RolloutStrategy + type All + properties: + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + progressive: + description: Progressive define required fields for + RolloutStrategy type Progressive + properties: + mandatoryDecisionGroups: + description: List of the decision groups names or + indexes to apply the workload first and fail if + workload did not reach successful state. 
GroupName + or GroupIndex must match with the decisionGroups + defined in the placement's decisionStrategy + items: + description: MandatoryDecisionGroup set the decision + group name or group index. GroupName is considered + first to select the decisionGroups then GroupIndex. + properties: + groupIndex: + description: GroupIndex of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-index + format: int32 + type: integer + groupName: + description: GroupName of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-name + type: string + type: object + type: array + maxConcurrency: + anyOf: + - type: integer + - type: string + description: MaxConcurrency is the max number of + clusters to deploy workload concurrently. The + default value for MaxConcurrency is determined + from the clustersPerDecisionGroup defined in the + placement->DecisionStrategy. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + progressivePerGroup: + description: ProgressivePerGroup define required fields + for RolloutStrategy type ProgressivePerGroup + properties: + mandatoryDecisionGroups: + description: List of the decision groups names or + indexes to apply the workload first and fail if + workload did not reach successful state. 
GroupName + or GroupIndex must match with the decisionGroups + defined in the placement's decisionStrategy + items: + description: MandatoryDecisionGroup set the decision + group name or group index. GroupName is considered + first to select the decisionGroups then GroupIndex. + properties: + groupIndex: + description: GroupIndex of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-index + format: int32 + type: integer + groupName: + description: GroupName of the decision group + should match the placementDecisions label + value with label key cluster.open-cluster-management.io/decision-group-name + type: string + type: object + type: array + timeout: + default: None + description: Timeout define how long workload applier + controller will wait till workload reach successful + state in the cluster. Timeout default value is + None meaning the workload applier will not proceed + apply workload to other clusters if did not reach + the successful state. Timeout must be defined + in [0-9h]|[0-9m]|[0-9s] format examples; 2h , + 90m , 360s + pattern: ^(([0-9])+[h|m|s])|None$ + type: string + type: object + type: + default: All + description: Rollout strategy Types are All, Progressive + and ProgressivePerGroup 1) All means apply the workload + to all clusters in the decision groups at once. 2) + Progressive means apply the workload to the selected + clusters progressively per cluster. The workload will + not be applied to the next cluster unless one of the + current applied clusters reach the successful state + or timeout. 3) ProgressivePerGroup means apply the + workload to decisionGroup clusters progressively per + group. The workload will not be applied to the next + decisionGroup unless all clusters in the current group + reach the successful state or timeout. 
+ enum: + - All + - Progressive + - ProgressivePerGroup + type: string + type: object + required: + - name + - namespace + type: object + type: array + x-kubernetes-list-map-keys: + - namespace + - name + x-kubernetes-list-type: map + type: + default: Manual + description: 'Type is the type of the install strategy, it can + be: - Manual: no automatic install - Placements: install to + clusters selected by placements.' + enum: + - Manual + - Placements + type: string + type: object + supportedConfigs: + description: supportedConfigs is a list of configuration types supported + by add-on. An empty list means the add-on does not require configurations. + The default is an empty list + items: + description: ConfigMeta represents a collection of metadata information + for add-on configuration. + properties: + defaultConfig: + description: defaultConfig represents the namespace and name + of the default add-on configuration. In scenario where all + add-ons have a same configuration. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + x-kubernetes-list-type: map + type: object + status: + description: status represents the current status of cluster management + add-on. + properties: + defaultconfigReferences: + description: defaultconfigReferences is a list of current add-on default + configuration references. + items: + description: DefaultConfigReference is a reference to the current + add-on configuration. 
This resource is used to record the configuration + resource for the current add-on. + properties: + desiredConfig: + description: desiredConfig record the desired config spec hash. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + installProgressions: + description: installProgression is a list of current add-on configuration + references per placement. + items: + properties: + conditions: + description: conditions describe the state of the managed and + monitored components for the operator. + items: + description: "Condition contains details for one aspect of + the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields + }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should + be when the underlying condition changed. 
If that is + not known, then using the time when the API field changed + is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value should + be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configReferences: + description: configReferences is a list of current add-on configuration + references. 
+ items: + description: InstallConfigReference is a reference to the + current add-on configuration. This resource is used to record + the configuration resource for the current add-on. + properties: + desiredConfig: + description: desiredConfig record the desired config name + and spec hash. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + lastAppliedConfig: + description: lastAppliedConfig records the config spec + hash when the all the corresponding ManagedClusterAddOn + are applied successfully. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + lastKnownGoodConfig: + description: lastKnownGoodConfig records the last known + good config spec hash. For fresh install or rollout + with type UpdateAll or RollingUpdate, the lastKnownGoodConfig + is the same as lastAppliedConfig. For rollout with type + RollingUpdateWithCanary, the lastKnownGoodConfig is + the last successfully applied config spec hash of the + canary placement. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. + If this field is not set, the configuration is in + the cluster scope. 
+ type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + name: + description: Name is the name of the placement + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the placement + minLength: 1 + type: string + required: + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_managedclusteraddons.yaml b/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_managedclusteraddons.yaml new file mode 100644 index 00000000..94b582de --- /dev/null +++ b/charts/managed-serviceaccount/crds/addon.open-cluster-management.io_managedclusteraddons.yaml 
@@ -0,0 +1,400 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: managedclusteraddons.addon.open-cluster-management.io +spec: + group: addon.open-cluster-management.io + names: + kind: ManagedClusterAddOn + listKind: ManagedClusterAddOnList + plural: managedclusteraddons + shortNames: + - mca + - mcas + singular: managedclusteraddon + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagedClusterAddOn is the Custom Resource object which holds + the current state of an add-on. This object is used by add-on operators + to convey their state. This resource should be created in the ManagedCluster + namespace. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds configuration that could apply to any operator. + properties: + configs: + description: configs is a list of add-on configurations. In scenario + where the current add-on has its own configurations. 
An empty list + means there are no default configurations for add-on. The default + is an empty list + items: + properties: + group: + default: "" + description: group of the add-on configuration. + type: string + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster scope. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - name + - resource + type: object + type: array + installNamespace: + default: open-cluster-management-agent-addon + description: installNamespace is the namespace on the managed cluster + to install the addon agent. If it is not set, open-cluster-management-agent-addon + namespace is used to install the addon agent. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + status: + description: status holds the information about the state of an operator. It + is consistent with status information across the Kubernetes ecosystem. + properties: + addOnConfiguration: + description: 'Deprecated: Use configReferences instead. addOnConfiguration + is a reference to configuration information for the add-on. This + resource is used to locate the configuration resource for the add-on.' + properties: + crName: + description: crName is the name of the CR used to configure instances + of the managed add-on. This field should be configured if add-on + CR have a consistent name across the all of the ManagedCluster + instaces. + type: string + crdName: + description: crdName is the name of the CRD used to configure + instances of the managed add-on. This field should be configured + if the add-on have a CRD that controls the configuration of + the add-on. 
+ type: string + lastObservedGeneration: + description: lastObservedGeneration is the observed generation + of the custom resource for the configuration of the addon. + format: int64 + type: integer + type: object + addOnMeta: + description: addOnMeta is a reference to the metadata information + for the add-on. This should be same as the addOnMeta for the corresponding + ClusterManagementAddOn resource. + properties: + description: + description: description represents the detailed description of + the add-on. + type: string + displayName: + description: displayName represents the name of add-on that will + be displayed. + type: string + type: object + conditions: + description: conditions describe the state of the managed and monitored + components for the operator. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configReferences: + description: configReferences is a list of current add-on configuration + references. This will be overridden by the clustermanagementaddon + configuration references. + items: + description: ConfigReference is a reference to the current add-on + configuration. This resource is used to locate the configuration + resource for the current add-on. 
+ properties: + desiredConfig: + description: desiredConfig record the desired config spec hash. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + group: + default: "" + description: group of the add-on configuration. + type: string + lastAppliedConfig: + description: lastAppliedConfig record the config spec hash when + the corresponding ManifestWork is applied successfully. + properties: + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster + scope. + type: string + specHash: + description: spec hash for an add-on configuration. + type: string + required: + - name + type: object + lastObservedGeneration: + description: 'Deprecated: Use LastAppliedConfig instead lastObservedGeneration + is the observed generation of the add-on configuration.' + format: int64 + type: integer + name: + description: name of the add-on configuration. + minLength: 1 + type: string + namespace: + description: namespace of the add-on configuration. If this + field is not set, the configuration is in the cluster scope. + type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - name + - resource + type: object + type: array + healthCheck: + description: healthCheck indicates how to check the healthiness status + of the current addon. It should be set by each addon implementation, + by default, the lease mode will be used. 
+ properties: + mode: + default: Lease + description: mode indicates which mode will be used to check the + healthiness status of the addon. + enum: + - Lease + - Customized + type: string + type: object + namespace: + description: namespace is the namespace on the managedcluster to put + registration secret or lease for the addon. It is required when + registration is set or healthcheck mode is Lease. + type: string + registrations: + description: registrations is the configurations for the addon agent + to register to hub. It should be set by each addon controller on + hub to define how the addon agent on managedcluster is registered. + With the registration defined, The addon agent can access to kube + apiserver with kube style API or other endpoints on hub cluster + with client certificate authentication. A csr will be created per + registration configuration. If more than one registrationConfig + is defined, a csr will be created for each registration configuration. + It is not allowed that multiple registrationConfigs have the same + signer name. After the csr is approved on the hub cluster, the klusterlet + agent will create a secret in the installNamespace for the registrationConfig. + If the signerName is "kubernetes.io/kube-apiserver-client", the + secret name will be "{addon name}-hub-kubeconfig" whose contents + includes key/cert and kubeconfig. Otherwise, the secret name will + be "{addon name}-{signer name}-client-cert" whose contents includes + key/cert. + items: + description: RegistrationConfig defines the configuration of the + addon agent to register to hub. The Klusterlet agent will create + a csr for the addon agent with the registrationConfig. + properties: + signerName: + description: signerName is the name of signer that addon agent + will use to create csr. + maxLength: 571 + minLength: 5 + type: string + subject: + description: 'subject is the user subject of the addon agent + to be registered to the hub. 
If it is not set, the addon agent + will have the default subject "subject": { "user": "system:open-cluster-management:cluster:{clusterName}:addon:{addonName}:agent:{agentName}", + "groups: ["system:open-cluster-management:cluster:{clusterName}:addon:{addonName}", + "system:open-cluster-management:addon:{addonName}", "system:authenticated"] + }' + properties: + groups: + description: groups is the user group of the addon agent. + items: + type: string + type: array + organizationUnit: + description: organizationUnit is the ou of the addon agent + items: + type: string + type: array + user: + description: user is the user name of the addon agent. + type: string + type: object + type: object + type: array + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" + or related to this operator. Common uses are: 1. the detailed resource + driving the operator 2. operator namespaces 3. operand namespaces + 4. related ClusterManagementAddon resource' + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + required: + - group + - name + - resource + type: object + type: array + supportedConfigs: + description: SupportedConfigs is a list of configuration types that + are allowed to override the add-on configurations defined in ClusterManagementAddOn + spec. The default is an empty list, which means the add-on configurations + can not be overridden. + items: + description: ConfigGroupResource represents the GroupResource of + the add-on configuration + properties: + group: + default: "" + description: group of the add-on configuration. 
+ type: string + resource: + description: resource of the add-on configuration. + minLength: 1 + type: string + required: + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/managed-serviceaccount/crds/authentication.open-cluster-management.io_managedserviceaccounts.yaml b/charts/managed-serviceaccount/crds/authentication.open-cluster-management.io_managedserviceaccounts.yaml new file mode 100644 index 00000000..b0fcb2f1 --- /dev/null +++ b/charts/managed-serviceaccount/crds/authentication.open-cluster-management.io_managedserviceaccounts.yaml 
@@ -0,0 +1,330 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: managedserviceaccounts.authentication.open-cluster-management.io +spec: + group: authentication.open-cluster-management.io + names: + kind: ManagedServiceAccount + listKind: ManagedServiceAccountList + plural: managedserviceaccounts + singular: managedserviceaccount + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagedServiceAccount is the Schema for the managedserviceaccounts + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedServiceAccountSpec defines the desired state of ManagedServiceAccount + properties: + rotation: + description: Rotation is the policy for rotation the credentials. + properties: + enabled: + default: true + description: Enabled prescribes whether the ServiceAccount token + will be rotated from the upstream + type: boolean + validity: + default: 8640h0m0s + description: Validity is the duration for which the signed ServiceAccount + token is valid. + type: string + type: object + ttlSecondsAfterCreation: + description: ttlSecondsAfterCreation limits the lifetime of a ManagedServiceAccount. 
+ If the ttlSecondsAfterCreation field is set, the ManagedServiceAccount + will be automatically deleted regardless of the ManagedServiceAccount's + status. When the ManagedServiceAccount is deleted, its lifecycle + guarantees (e.g. finalizers) will be honored. If this field is unset, + the ManagedServiceAccount won't be automatically deleted. If this + field is set to zero, the ManagedServiceAccount becomes eligible + for deletion immediately after its creation. In order to use ttlSecondsAfterCreation, + the EphemeralIdentity feature gate must be enabled. + exclusiveMinimum: true + format: int32 + minimum: 0 + type: integer + required: + - rotation + type: object + status: + description: ManagedServiceAccountStatus defines the observed state of + ManagedServiceAccount + properties: + conditions: + description: Conditions is the condition list. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. \t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. 
This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + expirationTimestamp: + description: ExpirationTimestamp is the time when the token will expire. + format: date-time + type: string + tokenSecretRef: + description: TokenSecretRef is a reference to the corresponding ServiceAccount's + Secret, which stores the CA certficate and token from the managed + cluster. 
+ properties: + lastRefreshTimestamp: + description: LastRefreshTimestamp is the timestamp indicating + when the token in the Secret is refreshed. + format: date-time + type: string + name: + description: Name is the name of the referenced secret. + type: string + required: + - lastRefreshTimestamp + - name + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ManagedServiceAccount is the Schema for the managedserviceaccounts + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagedServiceAccountSpec defines the desired state of ManagedServiceAccount + properties: + rotation: + description: Rotation is the policy for rotation the credentials. + properties: + enabled: + default: true + description: Enabled prescribes whether the ServiceAccount token + will be rotated from the upstream + type: boolean + validity: + default: 8640h0m0s + description: Validity is the duration for which the signed ServiceAccount + token is valid. + type: string + type: object + ttlSecondsAfterCreation: + description: ttlSecondsAfterCreation limits the lifetime of a ManagedServiceAccount. 
+ If the ttlSecondsAfterCreation field is set, the ManagedServiceAccount + will be automatically deleted regardless of the ManagedServiceAccount's + status. When the ManagedServiceAccount is deleted, its lifecycle + guarantees (e.g. finalizers) will be honored. If this field is unset, + the ManagedServiceAccount won't be automatically deleted. If this + field is set to zero, the ManagedServiceAccount becomes eligible + for deletion immediately after its creation. In order to use ttlSecondsAfterCreation, + the EphemeralIdentity feature gate must be enabled. + exclusiveMinimum: true + format: int32 + minimum: 0 + type: integer + required: + - rotation + type: object + status: + description: ManagedServiceAccountStatus defines the observed state of + ManagedServiceAccount + properties: + conditions: + description: Conditions is the condition list. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. \t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. 
This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + expirationTimestamp: + description: ExpirationTimestamp is the time when the token will expire. + format: date-time + type: string + tokenSecretRef: + description: TokenSecretRef is a reference to the corresponding ServiceAccount's + Secret, which stores the CA certficate and token from the managed + cluster. 
+ properties: + lastRefreshTimestamp: + description: LastRefreshTimestamp is the timestamp indicating + when the token in the Secret is refreshed. + format: date-time + type: string + name: + description: Name is the name of the referenced secret. + type: string + required: + - lastRefreshTimestamp + - name + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []
diff --git a/charts/managed-serviceaccount/templates/addontemplate/addon-manager-clusterrolebinding.yaml b/charts/managed-serviceaccount/templates/addontemplate/addon-manager-clusterrolebinding.yaml
new file mode 100644
index 00000000..8f3c441b
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/addontemplate/addon-manager-clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+# grant permission to addon-manager-controller-sa to create rolebindings
+# in the managed cluster for the managed-serviceaccount addon agent
+{{- if eq .Values.hubDeployMode "AddOnTemplate" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: open-cluster-management-addon-manager-managed-serviceaccount
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: managed-serviceaccount-addon-agent
+subjects:
+ - kind: ServiceAccount
+ name: addon-manager-controller-sa
+ namespace: open-cluster-management-hub
+{{- end }}
diff --git a/charts/managed-serviceaccount/templates/addontemplate/addondeploymentconfig.yaml b/charts/managed-serviceaccount/templates/addontemplate/addondeploymentconfig.yaml
new file mode 100644
index 00000000..d45286df
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/addontemplate/addondeploymentconfig.yaml
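Review bot: Binding `addon-manager-controller-sa` to `managed-serviceaccount-addon-agent` through a ClusterRoleBinding gives the addon manager every rule of that role in all namespaces, while the leading comment describes a narrower purpose (creating rolebindings for the agent). The role's rules are not part of this hunk, so the effective grant cannot be checked from here; if the binding exists only to satisfy the RBAC escalation check when the manager creates those rolebindings, a dedicated role granting `verbs: ["bind"]` on `clusterroles` with `resourceNames: ["managed-serviceaccount-addon-agent"]` would be narrower. The subject namespace `open-cluster-management-hub` is fixed in the template, so an addon manager installed in another namespace gets no grant and the binding is left pointing at an account name that does not exist there; reading the namespace from a chart value would avoid that. I would also extend the comment to say which rules the role carries and why cluster scope is needed.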
@@ -0,0 +1,9 @@
+{{- if eq .Values.hubDeployMode "AddOnTemplate" }}
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: AddOnDeploymentConfig
+metadata:
+ name: managed-serviceaccount-addon-deploy-config
+ namespace: {{ .Release.Namespace }}
+spec:
+ agentInstallNamespace: open-cluster-management-agent-addon
+{{- end }}
diff --git a/charts/managed-serviceaccount/templates/addontemplate/addontemplate.yaml b/charts/managed-serviceaccount/templates/addontemplate/addontemplate.yaml
new file mode 100644
index 00000000..b2376daa
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/addontemplate/addontemplate.yaml
@@ -0,0 +1,145 @@ +{{- if eq .Values.hubDeployMode "AddOnTemplate" }} +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnTemplate +metadata: + name: {{ .Values.addOnTemplateName | default (print "managed-serviceaccount-" .Chart.Version) }} +spec: + addonName: managed-serviceaccount + agentSpec: + workload: + manifests: + # Orphan the agent namespace to handle the upgrade case + # TODO: remove this in the next release + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + addon.open-cluster-management.io/deletion-orphan: "" + name: '{{ `{{INSTALL_NAMESPACE}}` }}' + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: open-cluster-management:managed-serviceaccount:addon-agent + rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: open-cluster-management:managed-serviceaccount:addon-agent + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: open-cluster-management:managed-serviceaccount:addon-agent + subjects: + - kind: ServiceAccount + name: managed-serviceaccount + namespace: open-cluster-management-agent-addon + - apiVersion: apps/v1 + kind: Deployment + metadata: + name: managed-serviceaccount-addon-agent + namespace: open-cluster-management-agent-addon + spec: + replicas: {{ .Values.replicas | default 1 }} + selector: + matchLabels: + addon-agent: managed-serviceaccount + template: + metadata: + labels: + addon-agent: managed-serviceaccount + spec: + containers: + - args: + {{- if gt (int .Values.replicas) 1 }} + - --leader-elect=true + {{- end }} + - --cluster-name={{ `{{CLUSTER_NAME}}` }} # escape double curly brackets, option 1 + - --kubeconfig={{ "{{" }}HUB_KUBECONFIG{{ "}}" }} # escape double curly brackets, option 2 + - --feature-gates=EphemeralIdentity=true + command: + - /agent + image: {{ .Values.image }}:{{ .Values.tag | default (print "v" 
.Chart.Version) }} + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8000 + initialDelaySeconds: 2 + periodSeconds: 10 + name: addon-agent + serviceAccount: managed-serviceaccount + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: open-cluster-management:managed-serviceaccount:addon-agent + namespace: open-cluster-management-agent-addon + rules: + - apiGroups: + - '' + resources: + - events + verbs: + - create + - apiGroups: + - '' + resources: + - serviceaccounts + - serviceaccounts/token + verbs: + - get + - watch + - list + - create + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - patch + - apiGroups: + - authentication.k8s.io + resources: + - tokenrequests + verbs: + - get + - create + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: open-cluster-management:managed-serviceaccount:addon-agent + namespace: open-cluster-management-agent-addon + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: open-cluster-management:managed-serviceaccount:addon-agent + subjects: + - kind: ServiceAccount + name: managed-serviceaccount + namespace: open-cluster-management-agent-addon + - apiVersion: v1 + imagePullSecrets: + - name: open-cluster-management-image-pull-credentials + kind: ServiceAccount + metadata: + name: managed-serviceaccount + namespace: open-cluster-management-agent-addon + registration: + - type: KubeClient + kubeClient: + hubPermissions: + - type: CurrentCluster + currentCluster: + clusterRoleName: managed-serviceaccount-addon-agent +{{- end }} diff --git a/charts/managed-serviceaccount/templates/addontemplate/agent-registration-clusterrole.yaml b/charts/managed-serviceaccount/templates/addontemplate/agent-registration-clusterrole.yaml new file mode 100644 index 00000000..d592b2da --- /dev/null 
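Review bot: The `addon-agent` container in addontemplate.yaml has no `securityContext`, although it holds the hub kubeconfig and a Role that can create ServiceAccounts and their tokens in the agent namespace. I would add a restrictive container security context so a compromised agent process has less to work with. The `manager` container in manager-deployment.yaml has the same gap. `runAsNonRoot` and `readOnlyRootFilesystem` assume the image supports them, which the patch does not show, so confirm against the image before merging.

```yaml
# … unchanged: args, command, image, imagePullPolicy, livenessProbe …
                    name: addon-agent
                    securityContext:
                      allowPrivilegeEscalation: false
                      readOnlyRootFilesystem: true
                      runAsNonRoot: true
                      capabilities:
                        drop:
                        - ALL
                      seccompProfile:
                        type: RuntimeDefault
```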
+++ b/charts/managed-serviceaccount/templates/addontemplate/agent-registration-clusterrole.yaml
@@ -0,0 +1,36 @@
+{{- if eq .Values.hubDeployMode "AddOnTemplate" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: managed-serviceaccount-addon-agent
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+- apiGroups:
+ - authentication.open-cluster-management.io
+ resources:
+ - managedserviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - authentication.open-cluster-management.io
+ resources:
+ - managedserviceaccounts/status
+ verbs:
+ - get
+ - update
+ - patch
+{{- end }}
diff --git a/charts/managed-serviceaccount/templates/k8s/addon.yaml b/charts/managed-serviceaccount/templates/k8s/addon.yaml
new file mode 100644
index 00000000..93e0ed6c
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/k8s/addon.yaml
@@ -0,0 +1,11 @@
+{{- if not .Values.kubeconfigSecretName }}
+
+{{- $restpl := $.Files.Get "common/clustermanagementaddon.yaml" -}}
+{{ tpl $restpl $ }}
+
+---
+
+{{- $restpl := $.Files.Get "common/managedclusteraddon.yaml" -}}
+{{ tpl $restpl $ }}
+
+{{- end }}
diff --git a/charts/managed-serviceaccount/templates/k8s/clusterrole.yaml b/charts/managed-serviceaccount/templates/k8s/clusterrole.yaml
new file mode 100644
index 00000000..7ab210af
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/k8s/clusterrole.yaml
@@ -0,0 +1,151 @@ +{{- if and (ne .Values.hubDeployMode "AddOnTemplate") .Values.kubeconfigSecretName }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: open-cluster-management:managed-serviceaccount:addon-manager +rules: + - apiGroups: + - cluster.open-cluster-management.io + resources: + - managedclusters + verbs: + - get + - list + - watch + - apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons + verbs: + - get + - list + - watch + - apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons/finalizers + verbs: + - update + - apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons/status + verbs: + - update + - patch + - apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons/finalizers + verbs: + - update + - apiGroups: + - addon.open-cluster-management.io + resources: + - addondeploymentconfigs + verbs: + - get + - list + - watch + - apiGroups: + - authentication.open-cluster-management.io + resources: + - managedserviceaccounts + - managedserviceaccounts/status + verbs: + - get + - list + - watch + - update + - patch + {{- if (.Values.featureGates | default dict).ephemeralIdentity }} + - delete + {{- end }} + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/approval + - certificatesigningrequests/status + verbs: + - update + - apiGroups: + - certificates.k8s.io + resources: + - signers + verbs: + - approve + - sign + resourceNames: + - kubernetes.io/kube-apiserver-client + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - apiGroups: 
+ - "" + resources: + - configmaps + - events + verbs: + - get + - create + - update + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - create + - update + - apiGroups: + - work.open-cluster-management.io + resources: + - manifestworks + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch +{{- end }} diff --git a/charts/managed-serviceaccount/templates/k8s/clusterrolebinding.yaml b/charts/managed-serviceaccount/templates/k8s/clusterrolebinding.yaml new file mode 100644 index 00000000..c939386d --- /dev/null +++ b/charts/managed-serviceaccount/templates/k8s/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{- if and (ne .Values.hubDeployMode "AddOnTemplate") .Values.kubeconfigSecretName }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: open-cluster-management:managed-serviceaccount:addon-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: open-cluster-management:managed-serviceaccount:addon-manager +subjects: + - kind: ServiceAccount + name: managed-serviceaccount + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/managed-serviceaccount/templates/k8s/serviceaccount.yaml b/charts/managed-serviceaccount/templates/k8s/serviceaccount.yaml new file mode 100644 index 00000000..bed9d8d5 --- /dev/null +++ b/charts/managed-serviceaccount/templates/k8s/serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if and (ne .Values.hubDeployMode "AddOnTemplate") .Values.kubeconfigSecretName }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: managed-serviceaccount + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/managed-serviceaccount/templates/manager-deployment.yaml b/charts/managed-serviceaccount/templates/manager-deployment.yaml new file mode 100644 index 00000000..29885436 
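Review bot: The guard on k8s/clusterrole.yaml looks inverted: it renders the ClusterRole only when `.Values.kubeconfigSecretName` is set, but manager-deployment.yaml uses `serviceAccount: managed-serviceaccount` only when that value is empty and otherwise disables token automount. k8s/clusterrolebinding.yaml and k8s/serviceaccount.yaml carry the same condition, while k8s/addon.yaml in the same directory uses `if not .Values.kubeconfigSecretName`. As written, the in-cluster mode would reference a ServiceAccount the chart never creates, unless another template outside this view creates it. The kubeconfig mode would create an unused identity bound to CSR approve/sign on `kubernetes.io/kube-apiserver-client` and cluster-wide `secrets` access. I would change all three guards to `{{- if and (ne .Values.hubDeployMode "AddOnTemplate") (not .Values.kubeconfigSecretName) }}`.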
--- /dev/null
+++ b/charts/managed-serviceaccount/templates/manager-deployment.yaml
@@ -0,0 +1,61 @@
+{{- if ne .Values.hubDeployMode "AddOnTemplate" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: managed-serviceaccount-addon-manager
+spec:
+ replicas: {{ .Values.replicas | default 1 }}
+ selector:
+ matchLabels:
+ open-cluster-management.io/addon: managed-serviceaccount
+ template:
+ metadata:
+ labels:
+ open-cluster-management.io/addon: managed-serviceaccount
+ spec:
+ {{- if .Values.kubeconfigSecretName }}
+ automountServiceAccountToken: false
+ {{- else }}
+ serviceAccount: managed-serviceaccount
+ automountServiceAccountToken: true
+ {{- end }}
+ containers:
+ - name: manager
+ image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - /manager
+ args:
+ {{- if gt (int .Values.replicas) 1 }}
+ - --leader-elect=true
+ {{- end }}
+ - --agent-image-name={{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }}
+ - --agent-install-all={{ .Values.agentInstallAll }}
+ {{- if .Values.featureGates }}
+ - --feature-gates=EphemeralIdentity={{ .Values.featureGates.ephemeralIdentity | default false}}
+ {{- end}}
+ {{- if .Values.agentImagePullSecret }}
+ - --agent-image-pull-secret={{ .Values.agentImagePullSecret }}
+ {{- end}}
+ {{- if .Values.kubeconfigSecretName }}
+ - --kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ {{- if .Values.kubeconfigSecretName }}
+ - mountPath: /var/run/secrets/ocm/auth
+ name: ocm-auth
+ {{- end }}
+ volumes:
+ {{- if .Values.kubeconfigSecretName }}
+ - name: ocm-auth
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.kubeconfigSecretName }}
+ {{- end }}
+{{- end }}
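Review bot: The `ocm-auth` volume in manager-deployment.yaml projects the hub kubeconfig with `defaultMode: 420`, which is octal 0644, so every user in the container can read the credential file. I would tighten this to `defaultMode: 0400`, or to `0440` together with a pod-level `fsGroup` if the manager image runs as a non-root user; the patch does not show which applies. The `volumeMount` could also set `readOnly: true` to make the intent explicit.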
diff --git a/charts/managed-serviceaccount/templates/ocm-mc/addon.yaml b/charts/managed-serviceaccount/templates/ocm-mc/addon.yaml new file mode 100644 index 00000000..dbcc25f5 --- /dev/null +++ b/charts/managed-serviceaccount/templates/ocm-mc/addon.yaml @@ -0,0 +1,45 @@ +{{- if .Values.kubeconfigSecretName }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: managed-serviceaccount-configure-addon + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook-weight": "2" + "helm.sh/hook": post-install,post-upgrade,post-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +spec: + ttlSecondsAfterFinished: 0 + backoffLimit: 3 + template: + spec: + automountServiceAccountToken: false + containers: + - name: kubectl + image: {{ .Values.kubectl.image }} + workingDir: /var/run/secrets/ocm + command: + - sh + - -c + - | + sleep 2; \ + kubectl --kubeconfig=auth/kubeconfig apply -f - <