diff --git a/.cruft.json b/.cruft.json index 565d324c..ce74ffc5 100644 --- a/.cruft.json +++ b/.cruft.json @@ -1,13 +1,13 @@ { "template": "https://github.com/projectsyn/commodore-component-template.git", - "commit": "d8afca0d957d69b362c2cb45e3f6faa13662dfe2", + "commit": "6559a10aa1b226aa978e2ce593e115c3db984a6c", "checkout": "main", "context": { "cookiecutter": { "name": "Rook Ceph", "slug": "rook-ceph", "parameter_key": "rook_ceph", - "test_cases": "defaults openshift4", + "test_cases": "defaults openshift4 cephfs", "add_lib": "n", "add_pp": "y", "add_golden": "y", diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9e4cd81a..8ee81acb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -34,6 +34,7 @@ jobs: instance: - defaults - openshift4 + - cephfs defaults: run: working-directory: ${{ env.COMPONENT_NAME }} @@ -50,6 +51,7 @@ jobs: instance: - defaults - openshift4 + - cephfs defaults: run: working-directory: ${{ env.COMPONENT_NAME }} diff --git a/Makefile.vars.mk b/Makefile.vars.mk index 4cd86c86..9fba8ef1 100644 --- a/Makefile.vars.mk +++ b/Makefile.vars.mk @@ -57,4 +57,4 @@ KUBENT_IMAGE ?= ghcr.io/doitintl/kube-no-trouble:latest KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE) instance ?= defaults -test_instances = tests/defaults.yml tests/openshift4.yml +test_instances = tests/defaults.yml tests/openshift4.yml tests/cephfs.yml diff --git a/class/defaults.yml b/class/defaults.yml index ff89a6ed..46571235 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -112,8 +112,7 @@ parameters: # extended here mirroring: enabled: false - mount_options: - discard: true + mount_options: {} storage_class_config: allowVolumeExpansion: true @@ -225,7 +224,7 @@ parameters: rook: registry: docker.io image: rook/ceph - tag: v1.11.11 + tag: v1.12.7 ceph: registry: quay.io image: ceph/ceph 
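Review bot: Switching the default `mount_options` to `{}` in the first class/defaults.yml hunk only changes what the storage class passes to newly provisioned volumes; it does not address PVs created while `discard: true` was the default. Kubernetes copies storage class mount options into the PV at provisioning time, so those PVs most likely still carry `discard` in their own spec. If the bumped Rook release brings ceph-csi v3.9.0 or later, they could hit the mount failure described in the docs note, so the upgrade path for existing PVs should be documented or checked before rollout. I would also add a comment at the key so the option is not re-added later, e.g. `# intentionally empty: ceph-csi v3.9.0+ fails to mount CephFS volumes when 'discard' is set`.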
@@ -241,7 +240,7 @@ parameters: charts: # We do not support helm chart versions older than v1.7.0 - rook-ceph: v1.11.11 + rook-ceph: v1.12.7 operator_helm_values: image: diff --git a/class/rook-ceph.yml b/class/rook-ceph.yml index dbd08511..db8bb204 100644 --- a/class/rook-ceph.yml +++ b/class/rook-ceph.yml @@ -35,6 +35,10 @@ parameters: output_path: ${_base_directory}/manifests/${rook_ceph:images:rook:tag}/toolbox.yaml compile: + - input_type: remove + input_paths: + - rook-ceph/helmcharts/rook-ceph/${rook_ceph:charts:rook-ceph}/templates/securityContextConstraints.yaml + output_path: . - input_paths: - rook-ceph/component/app.jsonnet input_type: jsonnet diff --git a/component/alertrules.libsonnet b/component/alertrules.libsonnet index af2c7495..9fbccbdf 100644 --- a/component/alertrules.libsonnet +++ b/component/alertrules.libsonnet @@ -141,10 +141,15 @@ local ignore_groups = std.set([ local add_runbook_url = { rules: [ if std.objectHas(r, 'alert') then - r { + local a = + if r.alert == 'CephPGUnavilableBlockingIO' then + r { alert: 'CephPGUnavailableBlockingIO' } + else + r; + a { annotations+: { [if !std.objectHas(r.annotations, 'runbook_url') then 'runbook_url']: - runbook(r.alert), + runbook(a.alert), }, } else diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index d58e5ca3..87fef245 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -323,8 +323,7 @@ fspool: # extended here mirroring: enabled: false - mount_options: - discard: true + mount_options: {} storage_class_config: allowVolumeExpansion: true ---- 
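Review bot: The new `input_type: remove` entry in class/rook-ceph.yml drops the chart's `securityContextConstraints.yaml` from the compiled output without saying why or what replaces it. SCCs decide which privileges the Rook pods get on OpenShift, so the removal should be traceable; add a comment above the entry along the lines of `# Drop the chart's SCC template: <reason, and where the OpenShift SCCs come from instead>`. Because the path is interpolated from `${rook_ceph:charts:rook-ceph}`, it is also worth confirming that compilation still succeeds for an older supported chart version that may not ship this template. The `compile:` list continues outside the hunk.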
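Review bot: The special case for `CephPGUnavilableBlockingIO` in component/alertrules.libsonnet is an unexplained magic string. Without a comment, a reader cannot tell that it corrects a misspelled rule name (presumably from the imported rule set) so the alert matches the `CephPGUnavailableBlockingIO` runbook page. Add a comment above the `local a =` binding, e.g. `// Rule name is misspelled in the source rules; rename it so the alert name and runbook URL agree`. Renaming an alert also changes what Alertmanager silences, routes and name-based ignore lists match on, so entries keyed on the old spelling will stop applying; that deserves a line in the release notes. The `rules:` comprehension starts and ends outside this hunk.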
@@ -334,9 +333,11 @@ This configuration creates * One `CephFilesystem` resource named `fspool`. This CephFS instance is configured to have 3 replicas both for the metadata pool and its single data pool. By default, the CephFS instance is configured to assume that metadata will consume roughly 20% and data roughly 80% of the storage cluster. -* A storage class which creates PVs on the CephFS instance, supports volume expansion and configures PVs to be mounted with `-o discard`. +* A storage class which creates PVs on the CephFS instance and supports volume expansion. * A `VolumeSnapshotClass` associated with the storage class +NOTE: CephFS doesn't require mount option `discard`, and ceph-csi v3.9.0+ will fail to mount any CephFS volumes if the storage class is configured with mount option `discard`. + The key `data_pools` is provided to avoid having to manage a list of data pools directly in the hierarchy. The values of each key in `data_pools` are placed in the resulting CephFS resource's field `.spec.dataPools` diff --git a/docs/modules/ROOT/pages/runbooks/CephFilesystemMDSRanksLow.adoc b/docs/modules/ROOT/pages/runbooks/CephFilesystemMDSRanksLow.adoc index deafad3b..383a8e98 100644 --- a/docs/modules/ROOT/pages/runbooks/CephFilesystemMDSRanksLow.adoc +++ b/docs/modules/ROOT/pages/runbooks/CephFilesystemMDSRanksLow.adoc @@ -4,7 +4,7 @@ include::partial$runbooks/contribution_note.adoc[] == icon:glasses[] Overview -The filesystem's `max_mds` setting defined the number of MDS ranks in the filesystem. +The filesystem's `max_mds` setting defines the number of MDS ranks in the filesystem. The current number of active MDS daemons is less than this setting. == icon:bug[] Steps for debugging diff --git a/docs/modules/ROOT/pages/runbooks/CephNodeDiskspaceWarning.adoc b/docs/modules/ROOT/pages/runbooks/CephNodeDiskspaceWarning.adoc index 1a57cb61..a7e55b39 100644 --- a/docs/modules/ROOT/pages/runbooks/CephNodeDiskspaceWarning.adoc 
+++ b/docs/modules/ROOT/pages/runbooks/CephNodeDiskspaceWarning.adoc @@ -4,7 +4,7 @@ include::partial$runbooks/contribution_note.adoc[] == icon:glasses[] Overview -This alert is triggered when the disk space used by a Storage Node will be full in less than 5 days assuming the average fill-up rate of the past 48 hours. +This alert is triggered when the disk space used by a storage node will be full in less than 5 days assuming the average fill-up rate of the past 48 hours. You should increase the space available to the node. The default location for the store sits under /var/lib/rook/ as a `hostPath` volume. diff --git a/docs/modules/ROOT/pages/runbooks/CephNodeInconsistentMTU.adoc b/docs/modules/ROOT/pages/runbooks/CephNodeInconsistentMTU.adoc index 0899162b..59b816b8 100644 --- a/docs/modules/ROOT/pages/runbooks/CephNodeInconsistentMTU.adoc +++ b/docs/modules/ROOT/pages/runbooks/CephNodeInconsistentMTU.adoc @@ -4,7 +4,7 @@ include::partial$runbooks/contribution_note.adoc[] == icon:glasses[] Overview -Node has a different MTU size than the median value on device. +At least one network device on the node has a different MTU size than the median value for that device across all storage nodes. == icon:bug[] Steps for debugging diff --git a/docs/modules/ROOT/pages/runbooks/CephNodeNetworkBondDegraded.adoc b/docs/modules/ROOT/pages/runbooks/CephNodeNetworkBondDegraded.adoc new file mode 100644 index 00000000..3d10abff --- /dev/null +++ b/docs/modules/ROOT/pages/runbooks/CephNodeNetworkBondDegraded.adoc @@ -0,0 +1,12 @@ += Alert rule: CephNodeNetworkBondDegraded + +include::partial$runbooks/contribution_note.adoc[] + +== icon:glasses[] Overview + +A bonded network device is degraded on the node. + +== icon:bug[] Steps for debugging + +// Add detailed steps to debug and resolve the issue + diff --git a/docs/modules/ROOT/pages/runbooks/CephOSDFull.adoc b/docs/modules/ROOT/pages/runbooks/CephOSDFull.adoc index 9d0ce746..577a81aa 100644 
--- a/docs/modules/ROOT/pages/runbooks/CephOSDFull.adoc +++ b/docs/modules/ROOT/pages/runbooks/CephOSDFull.adoc @@ -4,8 +4,13 @@ include::partial$runbooks/contribution_note.adoc[] == icon:glasses[] Overview -This alert fires when the Ceph cluster utilization is higher than 85% of the cluster capacity, and the cluster is in read-only mode. -To resolve this alert, unused data should be deleted or the cluster size must be increased. +This alert fires when utilization of a Ceph storage device (disk) is higher than 85% of the device's capacity. +Most likely, the Ceph cluster is in read-only mode when this alert fires. + +This alert may indicate that the cluster utilization has reached problematic levels. +If this alert is triggered by high cluster utilization, unused data should be deleted or the cluster size must be increased. + +Otherwise, investigate why this particular device has higher utilization than the other storage devices in the Ceph cluster. == icon:bug[] Steps for debugging diff --git a/docs/modules/ROOT/pages/runbooks/CephPGUnavailableBlockingIO.adoc b/docs/modules/ROOT/pages/runbooks/CephPGUnavailableBlockingIO.adoc index abfee4df..63445a32 100644 --- a/docs/modules/ROOT/pages/runbooks/CephPGUnavailableBlockingIO.adoc +++ b/docs/modules/ROOT/pages/runbooks/CephPGUnavailableBlockingIO.adoc @@ -1,10 +1,11 @@ = Alert rule: CephPGUnavailableBlockingIO +:page-aliases: runbooks/CephPGUnavilableBlockingIO.adoc include::partial$runbooks/contribution_note.adoc[] == icon:glasses[] Overview -Data availability is reduced impacting the clusters ability to service I/O to some data. +Data availability is reduced impacting the clusters ability to service I/O. One or more placement groups (PGs) are in a state that blocks IO. == icon:bug[] Steps for debugging diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index 609d77ae..1d2ca01e 100644 --- a/docs/modules/ROOT/partials/nav.adoc +++ b/docs/modules/ROOT/partials/nav.adoc 
@@ -24,6 +24,7 @@ ** xref:runbooks/CephHealthWarning.adoc[CephHealthWarning] ** xref:runbooks/CephNodeDiskspaceWarning.adoc[CephNodeDiskspaceWarning] ** xref:runbooks/CephNodeInconsistentMTU.adoc[CephNodeInconsistentMTU] +** xref:runbooks/CephNodeNetworkBondDegraded.adoc[CephNodeNetworkBondDegraded] ** xref:runbooks/CephNodeNetworkPacketDrops.adoc[CephNodeNetworkPacketDrops] ** xref:runbooks/CephNodeNetworkPacketErrors.adoc[CephNodeNetworkPacketErrors] ** xref:runbooks/CephNodeRootFilesystemFull.adoc[CephNodeRootFilesystemFull] diff --git a/tests/cephfs.yml b/tests/cephfs.yml new file mode 100644 index 00000000..8b100d7d --- /dev/null +++ b/tests/cephfs.yml @@ -0,0 +1,23 @@ +applications: + - rancher-monitoring + +parameters: + kapitan: + dependencies: + - type: https + source: https://raw.githubusercontent.com/projectsyn/component-storageclass/v1.0.0/lib/storageclass.libsonnet + output_path: vendor/lib/storageclass.libsonnet + + storageclass: + defaults: {} + defaultClass: "" + + rook_ceph: + ceph_cluster: + rbd_enabled: false + cephfs_enabled: true + + rancher_monitoring: + alerts: + ignoreNames: [] + customAnnotations: {} diff --git a/tests/golden/cephfs/rook-ceph/apps/rook-ceph.yaml b/tests/golden/cephfs/rook-ceph/apps/rook-ceph.yaml new file mode 100644 index 00000000..e69de29b diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/00_namespaces.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/00_namespaces.yaml new file mode 100644 index 00000000..5cf18ca8 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/00_namespaces.yaml 
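Review bot: The `kapitan.dependencies` entry in tests/cephfs.yml fetches `storageclass.libsonnet` over HTTPS from a Git tag (`v1.0.0`) with no integrity check, and a tag can later be moved to different content. That file is evaluated as Jsonnet during the test compile, so pinning the URL to a full commit SHA keeps the test input immutable, e.g. `source: https://raw.githubusercontent.com/projectsyn/component-storageclass/<commit-sha-of-v1.0.0>/lib/storageclass.libsonnet`. If the other test instances use the same tag-based URL, the same change applies there.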
@@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: syn-rook-ceph-operator + name: syn-rook-ceph-operator + name: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: syn-rook-ceph-cluster + name: syn-rook-ceph-cluster + name: syn-rook-ceph-cluster diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_aggregated_rbac.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_aggregated_rbac.yaml new file mode 100644 index 00000000..c3087cb4 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_aggregated_rbac.yaml 
@@ -0,0 +1,115 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-view + name: rook-ceph-view + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: rook-ceph-view +rules: + - apiGroups: + - ceph.rook.io + resources: + - cephblockpoolradosnamespaces + - cephblockpools + - cephbucketnotifications + - cephbuckettopics + - cephclients + - cephclusters + - cephfilesystemmirrors + - cephfilesystems + - cephfilesystemsubvolumegroups + - cephnfss + - cephobjectrealms + - cephobjectstores + - cephobjectstoreusers + - cephobjectzonegroups + - cephobjectzones + - cephrbdmirrors + verbs: + - get + - list + - watch + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-edit + name: rook-ceph-edit + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + name: rook-ceph-edit +rules: + - apiGroups: + - ceph.rook.io + resources: + - cephblockpoolradosnamespaces + - cephblockpools + - cephbucketnotifications + - cephbuckettopics + - cephclients + - cephclusters + - cephfilesystemmirrors + - cephfilesystems + - cephfilesystemsubvolumegroups + - cephnfss + - cephobjectrealms + - cephobjectstores + - cephobjectstoreusers + - cephobjectzonegroups + - cephobjectzones + - cephrbdmirrors + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims + verbs: + - create + - delete + - deletecollection + - 
patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-cluster-reader + name: rook-ceph-cluster-reader + rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true' + name: rook-ceph-cluster-reader +rules: + - apiGroups: + - objectbucket.io + resources: + - objectbuckets + verbs: + - get + - list + - watch diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml new file mode 100644 index 00000000..4c233042 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml 
@@ -0,0 +1,359 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-osd + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-ceph-purge-osd + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-rgw + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rook-ceph-mgr-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-mgr-cluster +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rook-ceph-osd +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-osd +subjects: + - kind: ServiceAccount + name: rook-ceph-osd + namespace: 
syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rook-ceph-osd + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - update + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - cephclusters + - cephclusters/finalizers + verbs: + - get + - list + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rook-ceph-rgw + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - pods + - services + - pods/log + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephobjectstores + - cephobjectstoreusers + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - apps + resources: + - deployments/scale + - deployments + verbs: + - patch + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - pods + - configmaps + verbs: 
+ - get + - list + - watch + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rook-ceph-purge-osd + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - update + - delete + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-cluster-mgmt + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-cluster-mgmt +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-osd + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-osd +subjects: + - kind: ServiceAccount + name: rook-ceph-osd + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-rgw + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-rgw +subjects: + - kind: ServiceAccount + name: rook-ceph-rgw + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-mgr +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-mgr-system + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-mgr-system +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-cmd-reporter +subjects: + - kind: ServiceAccount + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rook-ceph-purge-osd + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-purge-osd +subjects: + - kind: ServiceAccount + name: rook-ceph-purge-osd + namespace: syn-rook-ceph-operator diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml new file mode 100644 index 00000000..dd670bb9 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml 
@@ -0,0 +1,793 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-system +rules: + - apiGroups: + - '' + resources: + - pods + - pods/log + verbs: + - get + - list + - apiGroups: + - '' + resources: + - pods/exec + verbs: + - create + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - create + - get + - delete + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - get + - update + - delete + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-cluster-mgmt +rules: + - apiGroups: + - '' + - apps + - extensions + resources: + - secrets + - pods + - pods/log + - services + - configmaps + - deployments + - daemonsets + verbs: + - get + - list + - watch + - patch + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-global +rules: + - apiGroups: + - '' + resources: + - pods + - nodes + - nodes/proxy + - services + - secrets + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + - persistentvolumes + - persistentvolumeclaims + - endpoints 
+ verbs: + - get + - list + - watch + - patch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - ceph.rook.io + resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephobjectstores + - cephobjectstoreusers + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + verbs: + - get + - list + - watch + - update + - apiGroups: + - ceph.rook.io + resources: + - cephclients/status + - cephclusters/status + - cephblockpools/status + - cephfilesystems/status + - cephnfses/status + - cephobjectstores/status + - cephobjectstoreusers/status + - cephobjectrealms/status + - cephobjectzonegroups/status + - cephobjectzones/status + - cephbuckettopics/status + - cephbucketnotifications/status + - cephrbdmirrors/status + - cephfilesystemmirrors/status + - cephfilesystemsubvolumegroups/status + - cephblockpoolradosnamespaces/status + verbs: + - update + - apiGroups: + - ceph.rook.io + resources: + - cephclients/finalizers + - cephclusters/finalizers + - cephblockpools/finalizers + - cephfilesystems/finalizers + - cephnfses/finalizers + - cephobjectstores/finalizers + - cephobjectstoreusers/finalizers + - cephobjectrealms/finalizers + - cephobjectzonegroups/finalizers + - cephobjectzones/finalizers + - cephbuckettopics/finalizers + - cephbucketnotifications/finalizers + - cephrbdmirrors/finalizers + - cephfilesystemmirrors/finalizers + - cephfilesystemsubvolumegroups/finalizers + - cephblockpoolradosnamespaces/finalizers + verbs: + - update + - apiGroups: + - policy + - apps + - extensions + 
resources: + - poddisruptionbudgets + - deployments + - replicasets + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - healthchecking.openshift.io + resources: + - machinedisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - machine.openshift.io + resources: + - machines + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - update + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-mgr-cluster +rules: + - apiGroups: + - '' + resources: + - configmaps + - nodes + - nodes/proxy + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rook-ceph-mgr-system +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-object-bucket +rules: + - apiGroups: + - '' + resources: + - secrets + - configmaps + 
verbs: + - get + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims + verbs: + - list + - watch + - get + - update + - apiGroups: + - objectbucket.io + resources: + - objectbuckets + verbs: + - list + - watch + - get + - create + - update + - delete + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims/status + - objectbuckets/status + verbs: + - update + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims/finalizers + - objectbuckets/finalizers + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rook-ceph-osd +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cephfs-csi-nodeplugin +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cephfs-external-provisioner-runner +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - '' + resources: + - 
persistentvolumeclaims/status + verbs: + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rbd-csi-nodeplugin +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - apiGroups: + - '' + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - '' + resources: + - serviceaccounts/token + verbs: + - create + - apiGroups: + - '' + resources: + - nodes + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rbd-external-provisioner-runner +rules: + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - list + - watch 
+ - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumeclaims/status + verbs: + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - apiGroups: + - '' + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - '' + resources: + - serviceaccounts/token + verbs: + - create + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role +rules: + - apiGroups: + - objectstorage.k8s.io + resources: + - buckets + - bucketaccesses + - bucketclaims + - bucketaccessclasses + - buckets/status + - bucketaccesses/status + - bucketclaims/status + - bucketaccessclasses/status + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - 
coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - '' + resources: + - secrets + - events + verbs: + - get + - delete + - update + - create diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..b55dd722 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml 
@@ -0,0 +1,121 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-system +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-global +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-global +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rook-ceph-object-bucket +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-object-bucket +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rbd-csi-nodeplugin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rbd-csi-nodeplugin +subjects: + - kind: ServiceAccount + name: rook-csi-rbd-plugin-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cephfs-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cephfs-external-provisioner-runner +subjects: + - kind: ServiceAccount + name: rook-csi-cephfs-provisioner-sa + namespace: syn-rook-ceph-operator +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cephfs-csi-nodeplugin-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cephfs-csi-nodeplugin +subjects: + - kind: ServiceAccount + name: rook-csi-cephfs-plugin-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: rbd-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rbd-external-provisioner-runner +subjects: + - kind: ServiceAccount + name: rook-csi-rbd-provisioner-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: objectstorage-provisioner-role +subjects: + - kind: ServiceAccount + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml new file mode 100644 index 00000000..532ad471 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml 
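Review bot: The last binding in this file, `objectstorage-provisioner-role-binding`, ties the `objectstorage-provisioner` ServiceAccount to `objectstorage-provisioner-role`, and clusterrole.yaml in this same commit renders that role with get/delete/update/create on `secrets` with no namespace restriction. This golden instance is the CephFS case (its rendered ConfigMap sets `ROOK_CSI_ENABLE_RBD: 'false'`), yet the `rbd-csi-nodeplugin`, `rbd-csi-provisioner-role` and COSI bindings are still rendered, so service accounts for drivers that are not enabled here still receive cluster-scoped rights. The file is generated, so I would record this next to the chart values in the component rather than edit it here, for example `# chart renders RBD and COSI ClusterRoleBindings even when only CephFS is enabled`. Whether the chart has a switch to omit them cannot be told from this diff.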
@@ -0,0 +1,242 @@ +apiVersion: v1 +data: + CSI_CEPHFS_ATTACH_REQUIRED: 'true' + CSI_CEPHFS_FSGROUPPOLICY: File + CSI_CEPHFS_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + - name : csi-cephfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + CSI_CEPHFS_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-cephfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true' + CSI_ENABLE_CSIADDONS: 'false' + CSI_ENABLE_ENCRYPTION: 'false' + CSI_ENABLE_HOST_NETWORK: 'false' + CSI_ENABLE_LIVENESS: 'true' + CSI_ENABLE_METADATA: 'false' + CSI_ENABLE_NFS_SNAPSHOTTER: 'true' + CSI_ENABLE_OMAP_GENERATOR: 'false' + CSI_ENABLE_RBD_SNAPSHOTTER: 'true' + CSI_ENABLE_READ_AFFINITY: 'false' + CSI_ENABLE_TOPOLOGY: 'false' + CSI_FORCE_CEPHFS_KERNEL_CLIENT: 'true' + CSI_GRPC_TIMEOUT_SECONDS: '150' + CSI_NFS_ATTACH_REQUIRED: 'true' + CSI_NFS_FSGROUPPOLICY: File + CSI_NFS_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + - name : csi-nfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + 
cpu: 500m + CSI_NFS_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-nfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : csi-attacher + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: 'false' + CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical + CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical + CSI_PROVISIONER_REPLICAS: '2' + CSI_PROVISIONER_TOLERATIONS: |- + - key: storagenode + operator: Exists + CSI_RBD_ATTACH_REQUIRED: 'true' + CSI_RBD_FSGROUPPOLICY: File + CSI_RBD_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + - name : csi-rbdplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + CSI_RBD_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + cpu: 200m + - name : csi-rbdplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : csi-omap-generator + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 100m + ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false' + 
ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15' + ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.7.0 + ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.9.0 + ROOK_CSI_ENABLE_CEPHFS: 'true' + ROOK_CSI_ENABLE_GRPC_METRICS: 'true' + ROOK_CSI_ENABLE_NFS: 'false' + ROOK_CSI_ENABLE_RBD: 'false' + ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent + ROOK_DISABLE_ADMISSION_CONTROLLER: 'true' + ROOK_ENABLE_DISCOVERY_DAEMON: 'false' + ROOK_LOG_LEVEL: INFO + ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true' +kind: ConfigMap +metadata: + name: rook-ceph-operator-config diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml new file mode 100644 index 00000000..bc323731 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml 
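Review bot: `ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.9.0` and `ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.7.0` are pinned by tag only, and a tag can be re-pointed at the registry without any change showing up in this golden output. The same applies to `image: docker.io/rook/ceph:v1.12.7` in deployment.yaml in this commit. Where the component's image parameters allow it, a digest-qualified reference such as `quay.io/cephcsi/cephcsi:v3.9.0@sha256:<digest>` (placeholder) would make the rendered manifests identify exactly one image. The ConfigMap is generated, so the change belongs in the component defaults rather than in this file.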
@@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-operator +spec: + replicas: 1 + selector: + matchLabels: + app: rook-ceph-operator + strategy: + type: Recreate + template: + metadata: + labels: + app: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + spec: + containers: + - args: + - ceph + - operator + env: + - name: ROOK_CURRENT_NAMESPACE_ONLY + value: 'false' + - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED + value: 'false' + - name: ROOK_DISABLE_DEVICE_HOTPLUG + value: 'false' + - name: ROOK_DISCOVER_DEVICES_INTERVAL + value: 60m + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/rook/ceph:v1.12.7 + imagePullPolicy: IfNotPresent + name: rook-ceph-operator + ports: + - containerPort: 9443 + name: https-webhook + protocol: TCP + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 750m + memory: 512Mi + securityContext: + runAsGroup: 2016 + runAsNonRoot: true + runAsUser: 2016 + volumeMounts: + - mountPath: /var/lib/rook + name: rook-config + - mountPath: /etc/ceph + name: default-config-dir + - mountPath: /etc/webhook + name: webhook-cert + nodeSelector: + node-role.kubernetes.io/storage: '' + serviceAccountName: rook-ceph-system + tolerations: + - key: storagenode + operator: Exists + volumes: + - emptyDir: {} + name: rook-config + - emptyDir: {} + name: default-config-dir + - emptyDir: {} + name: webhook-cert 
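Review bot: The operator container's `securityContext` sets only `runAsGroup`, `runAsNonRoot` and `runAsUser`, and the pod spec has no pod-level security context, so privilege escalation is not disabled, no capabilities are dropped and no seccomp profile is set. As rendered, the pod would not satisfy the restricted Pod Security Standard. The container should end up with `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and `seccompProfile: {type: RuntimeDefault}`, set through the operator Helm values of the component since this file is golden output. Whether the operator needs any capability at runtime is not visible here, so check that against the chart before dropping all of them.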
diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml new file mode 100644 index 00000000..65c3cca7 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml 
@@ -0,0 +1,21715 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephblockpoolradosnamespaces.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBlockPoolRadosNamespace + listKind: CephBlockPoolRadosNamespaceList + plural: cephblockpoolradosnamespaces + singular: cephblockpoolradosnamespace + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephBlockPoolRadosNamespace represents a Ceph BlockPool Rados + Namespace + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph BlockPool Rados + Namespace + properties: + blockPoolName: + description: BlockPoolName is the name of Ceph BlockPool. Typically + it's the name of the CephBlockPool CR. 
+ type: string + required: + - blockPoolName + type: object + status: + description: Status represents the status of a CephBlockPool Rados Namespace + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + phase: + description: ConditionType represent a resource's status + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephblockpools.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBlockPool + listKind: CephBlockPoolList + plural: cephblockpools + singular: cephblockpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephBlockPool represents a Ceph Storage Pool + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NamedBlockPoolSpec allows a block pool to be created with + a non-default name. 
This is more specific than the NamedPoolSpec so + we get schema validation on the allowed pool names that can be specified. + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to set + to (options are: none, passive, aggressive, force) Do NOT set + a default value for kubebuilder as this will override the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use in the + pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + The number of chunks required to recover an object when any + single OSD is lost is the same as dataChunks so be aware that + the larger the number of data chunks, the higher the cost + of recovery. 
+ minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if available) + - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of the + snapshot. + type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the snapshot + type: string + type: object + type: array + type: object + name: + description: The desired name of the pool if different from the + CephBlockPool CR name. 
+ enum: + - device_health_metrics + - .nfs + - .mgr + type: string + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on a given + pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you to set + replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for replicated + pool type) + minimum: 0 + type: integer + subFailureDomain: + description: SubFailureDomain the name of the sub-failure domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in terms + of expected consumption of 
the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check of + an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: CephBlockPoolStatus represents the mirroring status of + Ceph Storage Pool + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + info: + additionalProperties: + type: string + nullable: true + type: object + mirroringInfo: + description: MirroringInfoSpec is the status of the pool mirroring + properties: + details: + type: string + lastChanged: + type: string + lastChecked: + type: string + mode: + description: Mode is the mirroring mode + type: string + peers: + description: Peers are the list of peer sites connected to that + cluster + items: + description: PeersSpec contains peer details + properties: + client_name: + description: ClientName is the CephX user used to connect + to the peer + type: string + direction: + description: Direction is the peer mirroring direction + type: string + mirror_uuid: + description: MirrorUUID is the mirror UUID + type: string + site_name: + description: SiteName is the current site name + type: string + uuid: + 
description: UUID is the peer UUID + type: string + type: object + type: array + site_name: + description: SiteName is the current site name + type: string + type: object + mirroringStatus: + description: MirroringStatusSpec is the status of the pool mirroring + properties: + details: + description: Details contains potential status errors + type: string + lastChanged: + description: LastChanged is the last time time the status last + changed + type: string + lastChecked: + description: LastChecked is the last time time the status was + checked + type: string + summary: + description: Summary is the mirroring status summary + properties: + daemon_health: + description: DaemonHealth is the health of the mirroring + daemon + type: string + health: + description: Health is the mirroring health + type: string + image_health: + description: ImageHealth is the health of the mirrored image + type: string + states: + description: States is the various state for all mirrored + images + nullable: true + properties: + error: + description: Error is when the mirroring state is errored + type: integer + replaying: + description: Replaying is when the replay of the mirroring + journal is on-going + type: integer + starting_replay: + description: StartingReplay is when the replay of the + mirroring journal starts + type: integer + stopped: + description: Stopped is when the mirroring state is + stopped + type: integer + stopping_replay: + description: StopReplaying is when the replay of the + mirroring journal stops + type: integer + syncing: + description: Syncing is when the image is syncing + type: integer + unknown: + description: Unknown is when the mirroring state is + unknown + type: integer + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + snapshotScheduleStatus: + description: SnapshotScheduleStatusSpec is the status of the snapshot + schedule + properties: + details: + description: Details contains potential status errors + type: string + lastChanged: + description: LastChanged is the last time time the status last + changed + type: string + lastChecked: + description: LastChecked is the last time time the status was + checked + type: string + snapshotSchedules: + description: SnapshotSchedules is the list of snapshots scheduled + items: + description: SnapshotSchedulesSpec is the list of snapshot + scheduled for images in a pool + properties: + image: + description: Image is the mirrored image + type: string + items: + description: Items is the list schedules times for a given + snapshot + items: + description: SnapshotSchedule is a schedule + properties: + interval: + description: Interval is the interval in which snapshots + will be taken + type: string + start_time: + description: StartTime is the snapshot starting + time + type: string + type: object + type: array + namespace: + description: Namespace is the RADOS namespace the image + is part of + type: string + pool: + description: Pool is the pool name + type: string + type: object + nullable: true + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephbucketnotifications.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBucketNotification + listKind: CephBucketNotificationList + plural: cephbucketnotifications + singular: cephbucketnotification + scope: 
Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephBucketNotification represents a Bucket Notifications + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketNotificationSpec represent the spec of a Bucket Notification + properties: + events: + description: List of events that should trigger the notification + items: + description: BucketNotificationSpec represent the event type of + the bucket notification + enum: + - s3:ObjectCreated:* + - s3:ObjectCreated:Put + - s3:ObjectCreated:Post + - s3:ObjectCreated:Copy + - s3:ObjectCreated:CompleteMultipartUpload + - s3:ObjectRemoved:* + - s3:ObjectRemoved:Delete + - s3:ObjectRemoved:DeleteMarkerCreated + type: string + type: array + filter: + description: Spec of notification filter + properties: + keyFilters: + description: Filters based on the object's key + items: + description: NotificationKeyFilterRule represent a single + key rule in the Notification Filter spec + properties: + name: + description: Name of the filter - prefix/suffix/regex + enum: + - prefix + - suffix + - regex + type: string + value: + description: Value to filter on + type: string + required: + - name + - value + type: object + type: array + metadataFilters: + description: Filters based on the object's metadata + items: + 
description: NotificationFilterRule represent a single rule + in the Notification Filter spec + properties: + name: + description: Name of the metadata or tag + minLength: 1 + type: string + value: + description: Value to filter on + type: string + required: + - name + - value + type: object + type: array + tagFilters: + description: Filters based on the object's tags + items: + description: NotificationFilterRule represent a single rule + in the Notification Filter spec + properties: + name: + description: Name of the metadata or tag + minLength: 1 + type: string + value: + description: Value to filter on + type: string + required: + - name + - value + type: object + type: array + type: object + topic: + description: The name of the topic associated with this notification + minLength: 1 + type: string + required: + - topic + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephbuckettopics.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephBucketTopic + listKind: CephBucketTopicList + plural: cephbuckettopics + singular: cephbuckettopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephBucketTopic represents a Ceph Object Topic for Bucket Notifications + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketTopicSpec represent the spec of a Bucket Topic + properties: + endpoint: + description: Contains the endpoint spec of the topic + properties: + amqp: + description: Spec of AMQP endpoint + properties: + ackLevel: + default: broker + description: The ack level required for this topic (none/broker/routeable) + enum: + - none + - broker + - routeable + type: string + disableVerifySSL: + description: Indicate whether the server certificate is + validated by the client or not + type: boolean + exchange: + description: Name of the exchange that is used to route + messages based on topics + minLength: 1 + type: string + uri: + description: The URI of the AMQP endpoint to push notification + to + minLength: 1 + type: string + required: + - exchange + - uri + type: object + http: + description: Spec of HTTP endpoint + properties: + disableVerifySSL: + description: Indicate whether the server certificate is + validated by the client or not + type: boolean + sendCloudEvents: + description: 'Send the notifications with the CloudEvents + header: https://github.com/cloudevents/spec/blob/main/cloudevents/adapters/aws-s3.md + Supported for Ceph Quincy (v17) or newer.' 
+ type: boolean + uri: + description: The URI of the HTTP endpoint to push notification + to + minLength: 1 + type: string + required: + - uri + type: object + kafka: + description: Spec of Kafka endpoint + properties: + ackLevel: + default: broker + description: The ack level required for this topic (none/broker) + enum: + - none + - broker + type: string + disableVerifySSL: + description: Indicate whether the server certificate is + validated by the client or not + type: boolean + uri: + description: The URI of the Kafka endpoint to push notification + to + minLength: 1 + type: string + useSSL: + description: Indicate whether to use SSL when communicating + with the broker + type: boolean + required: + - uri + type: object + type: object + objectStoreName: + description: The name of the object store on which to define the + topic + minLength: 1 + type: string + objectStoreNamespace: + description: The namespace of the object store on which to define + the topic + minLength: 1 + type: string + opaqueData: + description: Data which is sent in each event + type: string + persistent: + description: Indication whether notifications to this endpoint are + persistent or not + type: boolean + required: + - endpoint + - objectStoreName + - objectStoreNamespace + type: object + status: + description: BucketTopicStatus represents the Status of a CephBucketTopic + properties: + ARN: + description: The ARN of the topic generated by the RGW + nullable: true + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephclients.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephClient + listKind: CephClientList + plural: cephclients + singular: cephclient + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephClient represents a Ceph Client + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph Client + properties: + caps: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + name: + type: string + required: + - caps + type: object + status: + description: Status represents the status of a Ceph Client + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephclusters.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCluster + listKind: CephClusterList + plural: cephclusters + singular: cephcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Directory used on the K8s nodes + jsonPath: .spec.dataDirHostPath + name: DataDirHostPath + type: string + - description: Number of MONs + jsonPath: .spec.mon.count + name: MonCount + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + - description: Message + jsonPath: .status.message + name: Message + type: string + - description: Ceph Health + jsonPath: .status.ceph.health + name: Health + type: string + - jsonPath: .spec.external.enable + name: External + type: boolean + - description: 
Ceph FSID + jsonPath: .status.ceph.fsid + name: FSID + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephCluster is a Ceph storage cluster + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec represents the specification of Ceph Cluster + properties: + annotations: + additionalProperties: + additionalProperties: + type: string + description: Annotations are annotations + type: object + description: The annotations-related configuration to add/set on + each Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + cephVersion: + description: The version information that instructs Rook to orchestrate + a particular version of Ceph. + nullable: true + properties: + allowUnsupported: + description: Whether to allow unsupported versions (do not set + to true in production) + type: boolean + image: + description: Image is the container image used to launch the + ceph daemons, such as quay.io/ceph/ceph: The full list + of images can be found at https://quay.io/repository/ceph/ceph?tab=tags + type: string + imagePullPolicy: + description: ImagePullPolicy describes a policy for if/when + to pull a container image One of Always, Never, IfNotPresent. 
+ enum: + - IfNotPresent + - Always + - Never + - '' + type: string + type: object + cleanupPolicy: + description: Indicates user intent when deleting a cluster; blocks + orchestration and should not be set if cluster deletion is not + imminent. + nullable: true + properties: + allowUninstallWithVolumes: + description: AllowUninstallWithVolumes defines whether we can + proceed with the uninstall if they are RBD images still present + type: boolean + confirmation: + description: Confirmation represents the cleanup confirmation + nullable: true + pattern: ^$|^yes-really-destroy-data$ + type: string + sanitizeDisks: + description: SanitizeDisks represents way we sanitize disks + nullable: true + properties: + dataSource: + description: DataSource is the data source to use to sanitize + the disk with + enum: + - zero + - random + type: string + iteration: + description: Iteration is the number of pass to apply the + sanitizing + format: int32 + type: integer + method: + description: Method is the method we use to sanitize disks + enum: + - complete + - quick + type: string + type: object + type: object + continueUpgradeAfterChecksEvenIfNotHealthy: + description: ContinueUpgradeAfterChecksEvenIfNotHealthy defines + if an upgrade should continue even if PGs are not clean + type: boolean + crashCollector: + description: A spec for the crash controller + nullable: true + properties: + daysToRetain: + description: DaysToRetain represents the number of days to retain + crash until they get pruned + type: integer + disable: + description: Disable determines whether we should enable the + crash collector + type: boolean + type: object + dashboard: + description: Dashboard settings + nullable: true + properties: + enabled: + description: Enabled determines whether to enable the dashboard + type: boolean + port: + description: Port is the dashboard webserver port + maximum: 65535 + minimum: 0 + type: integer + prometheusEndpoint: + description: Endpoint for the Prometheus host + 
type: string + prometheusEndpointSSLVerify: + description: Whether to verify the ssl endpoint for prometheus. + Set to false for a self-signed cert. + type: boolean + ssl: + description: SSL determines whether SSL should be used + type: boolean + urlPrefix: + description: URLPrefix is a prefix for all URLs to use the dashboard + with a reverse proxy + type: string + type: object + dataDirHostPath: + description: The path on the host where config and data can be persisted + pattern: ^/(\S+) + type: string + disruptionManagement: + description: A spec for configuring disruption management. + nullable: true + properties: + machineDisruptionBudgetNamespace: + description: Deprecated. Namespace to look for MDBs by the machineDisruptionBudgetController + type: string + manageMachineDisruptionBudgets: + description: Deprecated. This enables management of machinedisruptionbudgets. + type: boolean + managePodBudgets: + description: This enables management of poddisruptionbudgets + type: boolean + osdMaintenanceTimeout: + description: OSDMaintenanceTimeout sets how many additional + minutes the DOWN/OUT interval is for drained failure domains + it only works if managePodBudgets is true. the default is + 30 minutes + format: int64 + type: integer + pgHealthCheckTimeout: + description: PGHealthCheckTimeout is the time (in minutes) that + the operator will wait for the placement groups to become + healthy (active+clean) after a drain was completed and OSDs + came back up. Rook will continue with the next drain if the + timeout exceeds. It only works if managePodBudgets is true. + No values or 0 means that the operator will wait until the + placement groups are healthy before unblocking the next drain. + format: int64 + type: integer + type: object + external: + description: Whether the Ceph Cluster is running external to this + Kubernetes cluster mon, mgr, osd, mds, and discover daemons will + not be created for external clusters. 
+ nullable: true + properties: + enable: + description: Enable determines whether external mode is enabled + or not + type: boolean + type: object + x-kubernetes-preserve-unknown-fields: true + healthCheck: + description: Internal daemon healthchecks and liveness probe + nullable: true + properties: + daemonHealth: + description: DaemonHealth is the health check for a given daemon + nullable: true + properties: + mon: + description: Monitor represents the health check settings + for the Ceph monitor + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + osd: + description: ObjectStorageDaemon represents the health check + settings for the Ceph OSDs + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + status: + description: Status represents the health check settings + for the Ceph health + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + livenessProbe: + additionalProperties: + description: ProbeSpec is a wrapper around Probe so it can + be enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + description: LivenessProbe allows changing the livenessProbe + configuration for a given daemon + type: object + startupProbe: + additionalProperties: + description: ProbeSpec is a wrapper around Probe so it can + be enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. 
To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + description: StartupProbe allows changing the startupProbe configuration + for a given daemon + type: object + type: object + labels: + additionalProperties: + additionalProperties: + type: string + description: Labels are label for a given daemons + type: object + description: The labels-related configuration to add/set on each + Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + logCollector: + description: Logging represents loggings settings + nullable: true + properties: + enabled: + description: Enabled represents whether the log collector is + enabled + type: boolean + maxLogSize: + anyOf: + - type: integer + - type: string + description: MaxLogSize is the maximum size of the log per ceph + daemons. Must be at least 1M. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + periodicity: + description: Periodicity is the periodicity of the log rotation. 
+ pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$ + type: string + type: object + mgr: + description: A spec for mgr related options + nullable: true + properties: + allowMultiplePerNode: + description: AllowMultiplePerNode allows to run multiple managers + on the same node (not recommended) + type: boolean + count: + description: Count is the number of manager daemons to run + maximum: 5 + minimum: 0 + type: integer + modules: + description: Modules is the list of ceph manager modules to + enable/disable + items: + description: Module represents mgr modules that the user wants + to enable or disable + properties: + enabled: + description: Enabled determines whether a module should + be enabled or not + type: boolean + name: + description: Name is the name of the ceph manager module + type: string + type: object + nullable: true + type: array + type: object + mon: + description: A spec for mon related options + nullable: true + properties: + allowMultiplePerNode: + description: AllowMultiplePerNode determines if we can run multiple + monitors on the same node (not recommended) + type: boolean + count: + description: Count is the number of Ceph monitors + maximum: 9 + minimum: 0 + type: integer + failureDomainLabel: + type: string + stretchCluster: + description: StretchCluster is the stretch cluster specification + properties: + failureDomainLabel: + description: 'FailureDomainLabel the failure domain name + (e,g: zone)' + type: string + subFailureDomain: + description: SubFailureDomain is the failure domain within + a zone + type: string + zones: + description: Zones is the list of zones + items: + description: MonZoneSpec represents the specification + of a zone in a Ceph Cluster + properties: + arbiter: + description: Arbiter determines if the zone contains + the arbiter used for stretch cluster mode + type: boolean + name: + description: Name is the name of the zone + type: string + volumeClaimTemplate: + description: VolumeClaimTemplate is the PVC 
template + properties: + apiVersion: + description: 'APIVersion defines the versioned + schema of this representation of an object. + Servers should convert recognized schemas to + the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. 
When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume + binding will only succeed if the type of + the specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the + same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the other is + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. 
+ * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves + all values, and generates an error if a + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are lower + than previous value but must still be higher + than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of\ + \ resources, defined in spec.resourceClaims,\ + \ that are used by this container. 
\n\ + \ This is an alpha field and requires\ + \ enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable.\ + \ It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC + has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with ClaimResourceStatus + for a resource that it does not recognizes, + then it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either:\ + \ * Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must\ + \ use implementation-defined prefixed names\ + \ such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane.\ + \ - ControllerResizeFailed: State set when\ + \ resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing\ + \ of volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing\ + \ the volume. - NodeResizeFailed: State\ + \ set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors\ + \ don't set NodeResizeFailed. 
For example:\ + \ if expanding a PVC for more capacity -\ + \ this field can be one of the following\ + \ states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field\ + \ is not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A\ + \ controller that receives PVC update with\ + \ previously unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing\ + \ capacity of the volume, should ignore\ + \ PVC updates that change other valid resources\ + \ associated with PVC. \n This is an alpha\ + \ field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including\ + \ its capacity. Key names follow standard\ + \ Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom\ + \ resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. 
\n Capacity reported here\ + \ may be larger than the actual capacity\ + \ when a volume expansion operation is requested.\ + \ For storage quota, the larger value from\ + \ allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not\ + \ set, PVC.spec.resources alone is used\ + \ for quota calculation. If a volume expansion\ + \ capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion\ + \ operations in progress and if the actual\ + \ volume capacity is equal or lower than\ + \ the requested capacity. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName should ignore the\ + \ update for the purpose it was designed.\ + \ For example - a controller that only is\ + \ responsible for resizing capacity of the\ + \ volume, should ignore PVC updates that\ + \ change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual + resources of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying + persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time + we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the + time the condition transitioned from + one status to another. 
+ format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this + should be a short, machine understandable + string that gives the reason for condition's + last transition. If it reports "ResizeStarted" + that means the underlying persistent + volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current + phase of PersistentVolumeClaim. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + nullable: true + type: array + type: object + volumeClaimTemplate: + description: VolumeClaimTemplate is the PVC definition + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of + this representation of an object. Servers should convert + recognized schemas to the latest internal value, and may + reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on + the contents of the specified data source. When the + AnyVolumeDataSource feature gate is enabled, dataSource + contents will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. 
If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is + specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace to + allow that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the + status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are used\ + \ by this container. \n This is an alpha field\ + \ and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It\ + \ can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access + modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. 
+ type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax. Valid\ + \ values are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom resources\ + \ must use implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart from\ + \ above values - keys that are unprefixed or have\ + \ kubernetes.io prefix are considered reserved and\ + \ hence may not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set when\ + \ kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet with\ + \ a terminal error. Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not set,\ + \ it means that no resize operation is in progress\ + \ for the given PVC. 
\n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example - a\ + \ controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key names\ + \ follow standard Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage - the\ + \ capacity of the volume. * Custom resources must\ + \ use implementation-defined prefixed names such as\ + \ \"example.com/my-custom-resource\" Apart from above\ + \ values - keys that are unprefixed or have kubernetes.io\ + \ prefix are considered reserved and hence may not\ + \ be used. \n Capacity reported here may be larger\ + \ than the actual capacity when a volume expansion\ + \ operation is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set, PVC.spec.resources\ + \ alone is used for quota calculation. If a volume\ + \ expansion capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. \n A\ + \ controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update for\ + \ the purpose it was designed. 
For example - a controller\ + \ that only is responsible for resizing capacity of\ + \ the volume, should ignore PVC updates that change\ + \ other valid resources associated with PVC. \n This\ + \ is an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of + persistent volume claim. If underlying persistent + volume is being resized then the Condition will be + set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that + gives the reason for condition's last transition. + If it reports "ResizeStarted" that means the + underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + zones: + description: Zones are specified when we want to provide zonal + awareness to mons + items: + description: MonZoneSpec represents the specification of a + zone in a Ceph Cluster + properties: + arbiter: + description: Arbiter determines if the zone contains the + arbiter used for stretch cluster mode + type: boolean + name: + description: Name is the name of the zone + type: string + volumeClaimTemplate: + description: VolumeClaimTemplate is the PVC template + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. 
This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. 
(Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. \n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, then + it should ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the given\ + \ PVC. Key names follow standard Kubernetes\ + \ label syntax. 
Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize\ + \ controller with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing of\ + \ volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. 
\n A controller\ + \ that receives PVC update with previously unknown\ + \ resourceName or ClaimResourceStatus should\ + \ ignore the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity.\ + \ Key names follow standard Kubernetes label\ + \ syntax. Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update with\ + \ previously unknown resourceName should ignore\ + \ the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's + last transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. 
+ type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + type: object + monitoring: + description: Prometheus based Monitoring settings + nullable: true + properties: + enabled: + description: Enabled determines whether to create the prometheus + rules for the ceph cluster. If true, the prometheus types + must exist or the creation will fail. Default is false. + type: boolean + externalMgrEndpoints: + description: ExternalMgrEndpoints points to an existing Ceph + prometheus exporter endpoint + items: + description: EndpointAddress is a tuple that describes single + IP address. + properties: + hostname: + description: The Hostname of this endpoint + type: string + ip: + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or + fe80::/10), or link-local multicast (224.0.0.0/24 or + ff02::/16). + type: string + nodeName: + description: 'Optional: Node hosting this endpoint. This + can be used to determine endpoints local to a node.' + type: string + targetRef: + description: Reference to object providing the endpoint. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. 
For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ip + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + externalMgrPrometheusPort: + description: ExternalMgrPrometheusPort Prometheus exporter port + maximum: 65535 + minimum: 0 + type: integer + interval: + description: Interval determines prometheus scrape interval + type: string + metricsDisabled: + description: Whether to disable the metrics reported by Ceph. + If false, the prometheus mgr module and Ceph exporter are + enabled. If true, the prometheus mgr module and Ceph exporter + are both disabled. 
Default is false. + type: boolean + port: + description: Port is the prometheus server port + maximum: 65535 + minimum: 0 + type: integer + type: object + network: + description: Network related configuration + nullable: true + properties: + addressRanges: + description: AddressRanges specify a list of CIDRs that Rook + will apply to Ceph's 'public_network' and/or 'cluster_network' + configurations. This config section may be used for the "host" + or "multus" network providers. + nullable: true + properties: + cluster: + description: Cluster defines a list of CIDRs to use for + Ceph cluster network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + public: + description: Public defines a list of CIDRs to use for Ceph + public network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + type: object + connections: + description: Settings for network connections such as compression + and encryption across the wire. + nullable: true + properties: + compression: + description: Compression settings for the network connections. + nullable: true + properties: + enabled: + description: Whether to compress the data in transit + across the wire. The default is not set. Requires + Ceph Quincy (v17) or newer. + type: boolean + type: object + encryption: + description: Encryption settings for the network connections. 
+ nullable: true + properties: + enabled: + description: Whether to encrypt the data in transit + across the wire to prevent eavesdropping the data + on the network. The default is not set. Even if encryption + is not enabled, clients still establish a strong initial + authentication for the connection and data integrity + is still validated with a crc check. When encryption + is enabled, all communication between clients and + Ceph daemons, or between Ceph daemons will be encrypted. + type: boolean + type: object + requireMsgr2: + description: Whether to require msgr2 (port 3300) even if + compression or encryption are not enabled. If true, the + msgr1 port (6789) will be disabled. Requires a kernel + that supports msgr2 (kernel 5.11 or CentOS 8.4 or newer). + type: boolean + type: object + dualStack: + description: DualStack determines whether Ceph daemons should + listen on both IPv4 and IPv6 + type: boolean + hostNetwork: + description: HostNetwork to enable host network + type: boolean + ipFamily: + description: IPFamily is the single stack IPv6 or IPv4 protocol + enum: + - IPv4 + - IPv6 + nullable: true + type: string + multiClusterService: + description: Enable multiClusterService to export the Services + between peer clusters + properties: + clusterID: + description: 'ClusterID uniquely identifies a cluster. It + is used as a prefix to nslookup exported services. For + example: ...svc.clusterset.local' + type: string + enabled: + description: Enable multiClusterService to export the mon + and OSD services to peer cluster. Ensure that peer clusters + are connected using an MCS API compatible application, + like Globalnet Submariner. + type: boolean + type: object + provider: + description: Provider is what provides network connectivity + to the cluster e.g. 
"host" or "multus" + enum: + - '' + - host + - multus + nullable: true + type: string + selectors: + additionalProperties: + type: string + description: "Selectors define NetworkAttachmentDefinitions\ + \ to be used for Ceph public and/or cluster networks when\ + \ the \"multus\" network provider is used. This config section\ + \ is not used for other network providers. \n Valid keys are\ + \ \"public\" and \"cluster\". Refer to Ceph networking documentation\ + \ for more: https://docs.ceph.com/en/reef/rados/configuration/network-config-ref/\ + \ \n Refer to Multus network annotation documentation for\ + \ help selecting values: https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\ + \ \n Rook will make a best-effort attempt to automatically\ + \ detect CIDR address ranges for given network attachment\ + \ definitions. Rook's methods are robust but may be imprecise\ + \ for sufficiently complicated networks. Rook's auto-detection\ + \ process obtains a new IP address lease for each CephCluster\ + \ reconcile. If Rook fails to detect, incorrectly detects,\ + \ only partially detects, or if underlying networks do not\ + \ support reusing old IP addresses, it is best to use the\ + \ 'addressRanges' config section to specify CIDR ranges for\ + \ the Ceph cluster. 
\n As a contrived example, one can use\ + \ a theoretical Kubernetes-wide network for Ceph client traffic\ + \ and a theoretical Rook-only network for Ceph replication\ + \ traffic as shown: selectors: public: \"default/cluster-fast-net\"\ + \ cluster: \"rook-ceph/ceph-backend-net\"" + nullable: true + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + placement: + additionalProperties: + description: Placement is the placement for an object + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. 
null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti + affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. 
If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. 
When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be\ + \ calculated. The keys are used to lookup values from\ + \ the incoming pod labels, those key-value labels\ + \ are ANDed with labelSelector to select the group\ + \ of existing pods over which spreading will be calculated\ + \ for the incoming pod. The same key is forbidden\ + \ to exist in both MatchLabelKeys and LabelSelector.\ + \ MatchLabelKeys cannot be set when LabelSelector\ + \ isn't set. Keys that don't exist in the incoming\ + \ pod labels will be ignored. A null or empty list\ + \ means only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or zero + if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as + 2/2/1: In this case, the global minimum is 1. | zone1 + | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 + to become 2/2/2; scheduling it onto zone1(zone2) would + make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto + any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number\ + \ of eligible domains. When the number of eligible\ + \ domains with matching topology keys is less than\ + \ minDomains, Pod Topology Spread treats \"global\ + \ minimum\" as 0, and then the calculation of Skew\ + \ is performed. And when the number of eligible domains\ + \ with matching topology keys equals or greater than\ + \ minDomains, this value has no effect on scheduling.\ + \ As a result, when the number of eligible domains\ + \ is less than minDomains, scheduler won't schedule\ + \ more than maxSkew Pods to those domains. If value\ + \ is nil, the constraint behaves as if MinDomains\ + \ is equal to 1. Valid values are integers greater\ + \ than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set\ + \ to 5 and pods with the same labelSelector spread\ + \ as 2/2/2: | zone1 | zone2 | zone3 | | P P | P\ + \ P | P P | The number of domains is less than\ + \ 5(MinDomains), so \"global minimum\" is treated\ + \ as 0. In this situation, new pod with the same labelSelector\ + \ cannot be scheduled, because computed skew will\ + \ be 3(3 - 0) if new Pod is scheduled to any of the\ + \ three zones, it will violate MaxSkew. \n This is\ + \ a beta field and requires the MinDomainsInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor:\ + \ only nodes matching nodeAffinity/nodeSelector are\ + \ included in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will\ + \ treat node taints when calculating pod topology\ + \ spread skew. Options are: - Honor: nodes without\ + \ taints, along with tainted nodes for which the incoming\ + \ pod has a toleration, are included. - Ignore: node\ + \ taints are ignored. All nodes are included. \n If\ + \ this value is nil, the behavior is equivalent to\ + \ the Ignore policy. This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. We + define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose + nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node + assignment for that pod would violate "MaxSkew" on + some topology. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + description: The placement-related configuration to pass to kubernetes + (affinity, node selector, tolerations). + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassNames: + additionalProperties: + type: string + description: PriorityClassNames sets priority classes on components + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + removeOSDsIfOutAndSafeToRemove: + description: Remove the OSD that is out and safe to remove only + if this option is true + type: boolean + resources: + additionalProperties: + description: ResourceRequirements describes the compute resource + requirements. + properties: + claims: + description: "Claims lists the names of resources, defined\ + \ in spec.resourceClaims, that are used by this container.\ + \ \n This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + description: Resources set resource requests and limits + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + security: + description: Security represents security settings + nullable: true + properties: + keyRotation: + description: KeyRotation defines options for Key Rotation. + nullable: true + properties: + enabled: + default: false + description: Enabled represents whether the key rotation + is enabled. + type: boolean + schedule: + description: Schedule represents the cron schedule for key + rotation. 
+ type: string + type: object + kms: + description: KeyManagementService is the main Key Management + option + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + description: ConnectionDetails contains the KMS connection + details (address, port etc) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + description: TokenSecretName is the kubernetes secret containing + the KMS token + type: string + type: object + type: object + skipUpgradeChecks: + description: SkipUpgradeChecks defines if an upgrade should be forced + even if one of the check fails + type: boolean + storage: + description: A spec for available storage in the cluster and how + it should be used + nullable: true + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + deviceFilter: + description: A regular expression to allow more fine-grained + selection of devices on nodes across the cluster + type: string + devicePathFilter: + description: A regular expression to allow more fine-grained + selection of devices with path names + type: string + devices: + description: List of devices to use as storage devices + items: + description: Device represents a disk to use in the cluster + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + fullpath: + type: string + name: + type: string + type: object + nullable: true + type: array + x-kubernetes-preserve-unknown-fields: true + flappingRestartIntervalHours: + description: FlappingRestartIntervalHours defines the time for + which the OSD pods, that failed with zero exit code, will + sleep before restarting. This is needed for OSD flapping where + OSD daemons are marked down more than 5 times in 600 seconds + by Ceph. 
Preventing the OSD pods to restart immediately in + such scenarios will prevent Rook from marking OSD as `up` + and thus peering of the PGs mapped to the OSD. User needs + to manually restart the OSD pod if they manage to fix the + underlying OSD flapping issue before the restart interval. + The sleep will be disabled if this interval is set to 0. + type: integer + nodes: + items: + description: Node is a storage nodes + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + deviceFilter: + description: A regular expression to allow more fine-grained + selection of devices on nodes across the cluster + type: string + devicePathFilter: + description: A regular expression to allow more fine-grained + selection of devices with path names + type: string + devices: + description: List of devices to use as storage devices + items: + description: Device represents a disk to use in the + cluster + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + fullpath: + type: string + name: + type: string + type: object + nullable: true + type: array + x-kubernetes-preserve-unknown-fields: true + name: + type: string + resources: + description: ResourceRequirements describes the compute + resource requirements. + nullable: true + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are used\ + \ by this container. \n This is an alpha field and\ + \ requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can\ + \ only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. 
It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + useAllDevices: + description: Whether to consume all the storage devices + found on a machine + type: boolean + volumeClaimTemplates: + description: PersistentVolumeClaims to use as storage + items: + description: PersistentVolumeClaim is a user's request + for and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. 
+ If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may + be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding + will only succeed if the type of the specified + object matches some installed volume populator + or dynamic provisioner. This field will replace + the functionality of the dataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same + value automatically if one of them is empty + and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all + values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows + objects in any namespaces. 
(Beta) Using this + field requires the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of\ + \ resources, defined in spec.resourceClaims,\ + \ that are used by this container. \n\ + \ This is an alpha field and requires\ + \ enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable.\ + \ It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC has. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. 
\n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual + resources of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying + persistent volume is being resized then the + Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time + we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the + time the condition transitioned from + one status to another. 
+ format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this + should be a short, machine understandable + string that gives the reason for condition's + last transition. If it reports "ResizeStarted" + that means the underlying persistent + volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + type: object + nullable: true + type: array + onlyApplyOSDPlacement: + type: boolean + storageClassDeviceSets: + items: + description: StorageClassDeviceSet is a storage class device + set + properties: + config: + additionalProperties: + type: string + description: Provider-specific device configuration + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count is the number of devices in this set + minimum: 1 + type: integer + encrypted: + description: Whether to encrypt the deviceSet + type: boolean + name: + description: Name is a unique identifier for the set + type: string + placement: + description: Placement is the placement for an object + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a + node that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by + iterating through the elements of this field + and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling + term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to an update), the system + may or may not try to eventually evict the pod + from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a + node that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by + iterating through the elements of this field + and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. 
Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. 
If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. 
due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the + given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on + which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. 
The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod + anti affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most preferred + is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a + sum by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the + given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on + which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. 
+ If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector + are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. 
When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is + the minimum number of matching pods in an + eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread + as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P + P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod + can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum\ + \ number of eligible domains. When the number\ + \ of eligible domains with matching topology\ + \ keys is less than minDomains, Pod Topology\ + \ Spread treats \"global minimum\" as 0, and\ + \ then the calculation of Skew is performed.\ + \ And when the number of eligible domains\ + \ with matching topology keys equals or greater\ + \ than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number\ + \ of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew\ + \ Pods to those domains. If value is nil,\ + \ the constraint behaves as if MinDomains\ + \ is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. 
\n For example, in\ + \ a 3-zone cluster, MaxSkew is set to 2, MinDomains\ + \ is set to 5 and pods with the same labelSelector\ + \ spread as 2/2/2: | zone1 | zone2 | zone3\ + \ | | P P | P P | P P | The number of\ + \ domains is less than 5(MinDomains), so \"\ + global minimum\" is treated as 0. In this\ + \ situation, new pod with the same labelSelector\ + \ cannot be scheduled, because computed skew\ + \ will be 3(3 - 0) if new Pod is scheduled\ + \ to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires\ + \ the MinDomainsInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how\ + \ we will treat Pod's nodeAffinity/nodeSelector\ + \ when calculating pod topology spread skew.\ + \ Options are: - Honor: only nodes matching\ + \ nodeAffinity/nodeSelector are included in\ + \ the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the\ + \ calculations. \n If this value is nil, the\ + \ behavior is equivalent to the Honor policy.\ + \ This is a beta-level feature default enabled\ + \ by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how\ + \ we will treat node taints when calculating\ + \ pod topology spread skew. Options are: -\ + \ Honor: nodes without taints, along with\ + \ tainted nodes for which the incoming pod\ + \ has a toleration, are included. - Ignore:\ + \ node taints are ignored. All nodes are included.\ + \ \n If this value is nil, the behavior is\ + \ equivalent to the Ignore policy. This is\ + \ a beta-level feature default enabled by\ + \ the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. 
Nodes that have a label with this + key and identical values are considered to + be in the same topology. We consider each + as a "bucket", and try to put + balanced number of pods into each bucket. + We define a domain as a particular instance + of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - + ScheduleAnyway tells the scheduler to schedule + the pod in any location, but giving higher + precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate + "MaxSkew" on some topology. For example, in + a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as + 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other + words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + portable: + description: Portable represents OSD portability across + the hosts + type: boolean + preparePlacement: + description: Placement is the placement for an object + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a + node that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by + iterating through the elements of this field + and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling + term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. 
+ type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to an update), the system + may or may not try to eventually evict the pod + from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. 
Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + If the operator is Gt or Lt, + the values array must have a + single element, which will be + interpreted as an integer. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a + node that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by + iterating through the elements of this field + and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the + given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on + which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod + anti affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most preferred + is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a + sum by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. 
null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the + given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on + which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given topology. 
+ properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector + are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. 
The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is + the minimum number of matching pods in an + eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector spread + as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P + P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod + can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum\ + \ number of eligible domains. 
When the number\ + \ of eligible domains with matching topology\ + \ keys is less than minDomains, Pod Topology\ + \ Spread treats \"global minimum\" as 0, and\ + \ then the calculation of Skew is performed.\ + \ And when the number of eligible domains\ + \ with matching topology keys equals or greater\ + \ than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number\ + \ of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew\ + \ Pods to those domains. If value is nil,\ + \ the constraint behaves as if MinDomains\ + \ is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in\ + \ a 3-zone cluster, MaxSkew is set to 2, MinDomains\ + \ is set to 5 and pods with the same labelSelector\ + \ spread as 2/2/2: | zone1 | zone2 | zone3\ + \ | | P P | P P | P P | The number of\ + \ domains is less than 5(MinDomains), so \"\ + global minimum\" is treated as 0. In this\ + \ situation, new pod with the same labelSelector\ + \ cannot be scheduled, because computed skew\ + \ will be 3(3 - 0) if new Pod is scheduled\ + \ to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires\ + \ the MinDomainsInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how\ + \ we will treat Pod's nodeAffinity/nodeSelector\ + \ when calculating pod topology spread skew.\ + \ Options are: - Honor: only nodes matching\ + \ nodeAffinity/nodeSelector are included in\ + \ the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the\ + \ calculations. \n If this value is nil, the\ + \ behavior is equivalent to the Honor policy.\ + \ This is a beta-level feature default enabled\ + \ by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." 
+ type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how\ + \ we will treat node taints when calculating\ + \ pod topology spread skew. Options are: -\ + \ Honor: nodes without taints, along with\ + \ tainted nodes for which the incoming pod\ + \ has a toleration, are included. - Ignore:\ + \ node taints are ignored. All nodes are included.\ + \ \n If this value is nil, the behavior is\ + \ equivalent to the Ignore policy. This is\ + \ a beta-level feature default enabled by\ + \ the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered to + be in the same topology. We consider each + as a "bucket", and try to put + balanced number of pods into each bucket. + We define a domain as a particular instance + of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy + the spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - + ScheduleAnyway tells the scheduler to schedule + the pod in any location, but giving higher + precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate + "MaxSkew" on some topology. 
For example, in + a 3-zone cluster, MaxSkew is set to 1, and + pods with the same labelSelector spread as + 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other + words, the cluster can still be imbalanced, + but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + resources: + description: ResourceRequirements describes the compute + resource requirements. + nullable: true + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are used\ + \ by this container. \n This is an alpha field and\ + \ requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can\ + \ only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + schedulerName: + description: Scheduler name for OSD pod placement + type: string + tuneDeviceClass: + description: TuneSlowDeviceClass Tune the OSD when running + on a slow Device Class + type: boolean + tuneFastDeviceClass: + description: TuneFastDeviceClass Tune the OSD when running + on a fast Device Class + type: boolean + volumeClaimTemplates: + description: VolumeClaimTemplates is a list of PVC templates + for the underlying storage devices + items: + description: PersistentVolumeClaim is a user's request + for and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may + be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding + will only succeed if the type of the specified + object matches some installed volume populator + or dynamic provisioner. This field will replace + the functionality of the dataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same + value automatically if one of them is empty + and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all + values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows + objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than + previous value but must still be higher than + capacity recorded in the status field of the + claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of\ + \ resources, defined in spec.resourceClaims,\ + \ that are used by this container. \n\ + \ This is an alpha field and requires\ + \ enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable.\ + \ It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. 
If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of + volume is required by the claim. Value of + Filesystem is implied when not included in + claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. 
+ type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. 
\n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual + resources of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying + persistent volume is being resized then the + Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time + we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the + time the condition transitioned from + one status to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this + should be a short, machine understandable + string that gives the reason for condition's + last transition. 
If it reports "ResizeStarted" + that means the underlying persistent + volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + required: + - count + - name + - volumeClaimTemplates + type: object + nullable: true + type: array + store: + description: OSDStore is the backend storage type used for creating + the OSDs + properties: + type: + description: Type of backend storage to be used while creating + OSDs. If empty, then bluestore will be used + enum: + - bluestore + - bluestore-rdr + type: string + updateStore: + description: UpdateStore updates the backend store for existing + OSDs. It destroys each OSD one at a time, cleans up the + backing disk and prepares same OSD on that disk + pattern: ^$|^yes-really-update-store$ + type: string + type: object + useAllDevices: + description: Whether to consume all the storage devices found + on a machine + type: boolean + useAllNodes: + type: boolean + volumeClaimTemplates: + description: PersistentVolumeClaims to use as storage + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal value, + and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the + REST resource this object represents. Servers may infer + this from the endpoint the client submits requests to. + Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. 
If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are used\ + \ by this container. \n This is an alpha field\ + \ and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable.\ + \ It can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access + modes the volume backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. 
+ type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set\ + \ when kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors don't\ + \ set NodeResizeFailed. For example: if expanding\ + \ a PVC for more capacity - this field can be one\ + \ of the following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not\ + \ set, it means that no resize operation is in progress\ + \ for the given PVC. 
\n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n Capacity reported\ + \ here may be larger than the actual capacity when\ + \ a volume expansion operation is requested. For\ + \ storage quota, the larger value from allocatedResources\ + \ and PVC.spec.resources is used. If allocatedResources\ + \ is not set, PVC.spec.resources alone is used for\ + \ quota calculation. If a volume expansion capacity\ + \ request is lowered, allocatedResources is only\ + \ lowered if there are no expansion operations in\ + \ progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. \n\ + \ A controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update\ + \ for the purpose it was designed. 
For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of + persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's last + transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of + PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: array + type: object + waitTimeoutForHealthyOSDInMinutes: + description: WaitTimeoutForHealthyOSDInMinutes defines the time + the operator would wait before an OSD can be stopped for upgrade + or restart. If the timeout exceeds and OSD is not ok to stop, + then the operator would skip upgrade for the current OSD and proceed + with the next one if `continueUpgradeAfterChecksEvenIfNotHealthy` + is `false`. If `continueUpgradeAfterChecksEvenIfNotHealthy` is + `true`, then operator would continue with the upgrade of an OSD + even if its not ok to stop after the timeout. This timeout won't + be applied if `skipUpgradeChecks` is `true`. The default wait + timeout is 10 minutes. + format: int64 + type: integer + type: object + status: + description: ClusterStatus represents the status of a Ceph cluster + nullable: true + properties: + ceph: + description: CephStatus is the details health of a Ceph Cluster + properties: + capacity: + description: Capacity is the capacity information of a Ceph + Cluster + properties: + bytesAvailable: + format: int64 + type: integer + bytesTotal: + format: int64 + type: integer + bytesUsed: + format: int64 + type: integer + lastUpdated: + type: string + type: object + details: + additionalProperties: + description: CephHealthMessage represents the health message + of a Ceph Cluster + properties: + message: + type: string + severity: + type: string + required: + - message + - severity + type: object + type: object + fsid: + type: string + health: + type: string + lastChanged: + type: string + lastChecked: + type: string + previousHealth: + type: string + versions: + description: CephDaemonsVersions show the current ceph version + for different ceph daemons + properties: + cephfs-mirror: + additionalProperties: + type: integer + description: CephFSMirror shows CephFSMirror Ceph version + type: object + mds: + additionalProperties: + type: integer + description: Mds shows Mds Ceph version + 
type: object + mgr: + additionalProperties: + type: integer + description: Mgr shows Mgr Ceph version + type: object + mon: + additionalProperties: + type: integer + description: Mon shows Mon Ceph version + type: object + osd: + additionalProperties: + type: integer + description: Osd shows Osd Ceph version + type: object + overall: + additionalProperties: + type: integer + description: Overall shows overall Ceph version + type: object + rbd-mirror: + additionalProperties: + type: integer + description: RbdMirror shows RbdMirror Ceph version + type: object + rgw: + additionalProperties: + type: integer + description: Rgw shows Rgw Ceph version + type: object + type: object + type: object + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + message: + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + state: + description: ClusterState represents the state of a Ceph Cluster + type: string + storage: + description: CephStorage represents flavors of Ceph Cluster Storage + properties: + deviceClasses: + items: + description: DeviceClasses represents device classes of a + Ceph Cluster + properties: + name: + type: string + type: object + type: array + osd: + description: OSDStatus represents OSD status of the ceph Cluster + properties: + storeType: + additionalProperties: + type: integer + description: StoreType is a mapping between the OSD backend + stores and number of OSDs using these stores + type: object + type: object + type: object + version: + description: ClusterVersion represents the version of a Ceph Cluster + properties: + image: + type: string + version: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephcosidrivers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCOSIDriver + listKind: CephCOSIDriverList + plural: cephcosidrivers + shortNames: + - cephcosi + singular: cephcosidriver + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephCOSIDriver represents the CRD for the Ceph COSI Driver + Deployment + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph COSI Driver + properties: + deploymentStrategy: + description: DeploymentStrategy is the strategy to use to deploy + the COSI driver. + enum: + - Never + - Auto + - Always + type: string + image: + description: Image is the container image to run the Ceph COSI driver + type: string + objectProvisionerImage: + description: ObjectProvisionerImage is the container image to run + the COSI driver sidecar + type: string + placement: + description: Placement is the placement strategy to use for the + COSI driver + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). 
+ A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. Default value is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of\ + \ eligible domains. When the number of eligible domains\ + \ with matching topology keys is less than minDomains,\ + \ Pod Topology Spread treats \"global minimum\" as 0,\ + \ and then the calculation of Skew is performed. And\ + \ when the number of eligible domains with matching\ + \ topology keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result, when\ + \ the number of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew Pods to\ + \ those domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set to\ + \ 5 and pods with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P | P P \ + \ | The number of domains is less than 5(MinDomains),\ + \ so \"global minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be scheduled,\ + \ because computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires the\ + \ MinDomainsInPodTopologySpread feature gate to be enabled\ + \ (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor: only\ + \ nodes matching nodeAffinity/nodeSelector are included\ + \ in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat\ + \ node taints when calculating pod topology spread skew.\ + \ Options are: - Honor: nodes without taints, along\ + \ with tainted nodes for which the incoming pod has\ + \ a toleration, are included. - Ignore: node taints\ + \ are ignored. All nodes are included. \n If this value\ + \ is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + resources: + description: Resources is the resource requirements for the COSI + driver + properties: + claims: + description: "Claims lists the names of resources, defined in\ + \ spec.resourceClaims, that are used by this container. \n\ + \ This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only be\ + \ set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephfilesystemmirrors.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystemMirror + listKind: CephFilesystemMirrorList + plural: cephfilesystemmirrors + singular: cephfilesystemmirror + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephFilesystemMirror is the Ceph Filesystem Mirror object definition + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FilesystemMirroringSpec is the filesystem mirroring specification + properties: + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set on + each Pod related object. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: The labels-related configuration to add/set on each + Pod related object. + nullable: true + type: object + placement: + description: The affinity to place the rgw pods (default is to place + on any available node) + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. Default value is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of\ + \ eligible domains. When the number of eligible domains\ + \ with matching topology keys is less than minDomains,\ + \ Pod Topology Spread treats \"global minimum\" as 0,\ + \ and then the calculation of Skew is performed. And\ + \ when the number of eligible domains with matching\ + \ topology keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result, when\ + \ the number of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew Pods to\ + \ those domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set to\ + \ 5 and pods with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P | P P \ + \ | The number of domains is less than 5(MinDomains),\ + \ so \"global minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be scheduled,\ + \ because computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires the\ + \ MinDomainsInPodTopologySpread feature gate to be enabled\ + \ (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor: only\ + \ nodes matching nodeAffinity/nodeSelector are included\ + \ in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat\ + \ node taints when calculating pod topology spread skew.\ + \ Options are: - Honor: nodes without taints, along\ + \ with tainted nodes for which the incoming pod has\ + \ a toleration, are included. - Ignore: node taints\ + \ are ignored. All nodes are included. \n If this value\ + \ is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + priorityClassName: + description: PriorityClassName sets priority class on the cephfs-mirror + pods + type: string + resources: + description: The resource requirements for the cephfs-mirror pods + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in\ + \ spec.resourceClaims, that are used by this container. \n\ + \ This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only be\ + \ set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephfilesystems.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystem + listKind: CephFilesystemList + plural: cephfilesystems + singular: cephfilesystem + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Number of desired active MDS daemons + jsonPath: .spec.metadataServer.activeCount + name: ActiveMDS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephFilesystem represents a Ceph Filesystem + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FilesystemSpec represents the spec of a file system + properties: + dataPools: + description: The data pool settings, with optional predefined pool + name. 
+ items: + description: NamedPoolSpec represents the named ceph pool spec + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of + statistics for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an + erasure coded storage pool (required for erasure-coded + pool type). This is the number of OSDs that can be lost + simultaneously before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool + type). The number of chunks required to recover an object + when any single OSD is lost is the same as dataChunks + so be aware that the larger the number of data chunks, + the higher the cost of recovery. 
+ minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone + if available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or + not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool + or image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes + Secret names to add rbd-mirror or cephfs-mirror + peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity + of the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only + valid for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + name: + description: Name of the pool + type: string + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable + on a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as + a string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required + for replicated pool type) + 
minimum: 0 + type: integer + subFailureDomain: + description: SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph + in terms of expected consumption of the total cluster + capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or + minute for the health check to run like 60s for + 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + nullable: true + type: array + metadataPool: + description: The metadata pool settings + nullable: true + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). 
+ This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + The number of chunks required to recover an object when + any single OSD is lost is the same as dataChunks so be + aware that the larger the number of data chunks, the higher + the cost of recovery. + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if + available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or + image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of + the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on + a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a + string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for + replicated pool type) + minimum: 0 + type: integer + subFailureDomain: + description: 
SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in + terms of expected consumption of the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + metadataServer: + description: The mds pod info + properties: + activeCount: + description: The number of metadata servers that are active. + The remaining servers in the cluster will be in standby mode. + format: int32 + maximum: 10 + minimum: 1 + type: integer + activeStandby: + description: Whether each active MDS instance will have an active + standby with a warm metadata cache for faster failover. If + false, standbys will still be available, but will not have + a warm metadata cache. + type: boolean + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set + on each Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + labels: + additionalProperties: + type: string + description: The labels-related configuration to add/set on + each Pod related object. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + livenessProbe: + description: ProbeSpec is a wrapper around Probe so it can be + enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive or + ready to receive traffic. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided + by the pod spec. Value must be non-negative integer. + The value zero indicates stop immediately via the + kill signal (no opportunity to shut down). This is + a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + placement: + description: The affinity to place the mds pods (default is + to place on all available node) with a daemonset + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an + update), the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. 
When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti + affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. 
+ Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. 
This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number\ + \ of eligible domains. When the number of eligible\ + \ domains with matching topology keys is less than\ + \ minDomains, Pod Topology Spread treats \"global\ + \ minimum\" as 0, and then the calculation of Skew\ + \ is performed. And when the number of eligible\ + \ domains with matching topology keys equals or\ + \ greater than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number of\ + \ eligible domains is less than minDomains, scheduler\ + \ won't schedule more than maxSkew Pods to those\ + \ domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are\ + \ integers greater than 0. When value is not nil,\ + \ WhenUnsatisfiable must be DoNotSchedule. \n For\ + \ example, in a 3-zone cluster, MaxSkew is set to\ + \ 2, MinDomains is set to 5 and pods with the same\ + \ labelSelector spread as 2/2/2: | zone1 | zone2\ + \ | zone3 | | P P | P P | P P | The number\ + \ of domains is less than 5(MinDomains), so \"global\ + \ minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be\ + \ scheduled, because computed skew will be 3(3 -\ + \ 0) if new Pod is scheduled to any of the three\ + \ zones, it will violate MaxSkew. 
\n This is a beta\ + \ field and requires the MinDomainsInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we\ + \ will treat Pod's nodeAffinity/nodeSelector when\ + \ calculating pod topology spread skew. Options\ + \ are: - Honor: only nodes matching nodeAffinity/nodeSelector\ + \ are included in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will\ + \ treat node taints when calculating pod topology\ + \ spread skew. Options are: - Honor: nodes without\ + \ taints, along with tainted nodes for which the\ + \ incoming pod has a toleration, are included. -\ + \ Ignore: node taints are ignored. All nodes are\ + \ included. \n If this value is nil, the behavior\ + \ is equivalent to the Ignore policy. This is a\ + \ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + description: PriorityClassName sets priority classes on components + type: string + resources: + description: The resource requirements for the rgw pods + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined\ + \ in spec.resourceClaims, that are used by this container.\ + \ \n This is an alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate. \n This field\ + \ is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + startupProbe: + description: ProbeSpec is a wrapper around Probe so it can be + enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive or + ready to receive traffic. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. 
Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided + by the pod spec. Value must be non-negative integer. 
+ The value zero indicates stop immediately via the + kill signal (no opportunity to shut down). This is + a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + required: + - activeCount + type: object + mirroring: + description: The mirroring settings + nullable: true + properties: + enabled: + description: Enabled whether this filesystem is mirrored or + not + type: boolean + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotRetention: + description: Retention is the retention policy for a snapshot + schedule One path has exactly one retention policy. A policy + can however contain multiple count-time period pairs in order + to specify complex retention policies + items: + description: SnapshotScheduleRetentionSpec is a retention + policy + properties: + duration: + description: Duration represents the retention duration + for a snapshot + type: string + path: + description: Path is the path to snapshot + type: string + type: object + type: array + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored filesystems + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of the + snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the snapshot + type: string + type: object + type: array + type: object + preserveFilesystemOnDelete: + description: Preserve the fs in the cluster on CephFilesystem CR + deletion. Setting this to true automatically implies PreservePoolsOnDelete + is true. + type: boolean + preservePoolsOnDelete: + description: Preserve pools on filesystem deletion + type: boolean + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check of + an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - dataPools + - metadataPool + - metadataServer + type: object + status: + description: CephFilesystemStatus represents the status of a Ceph Filesystem + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + info: + additionalProperties: + type: string + description: Use only info and put mirroringStatus in it? 
+ nullable: true + type: object + mirroringStatus: + description: MirroringStatus is the filesystem mirroring status + properties: + daemonsStatus: + description: PoolMirroringStatus is the mirroring status of + a filesystem + items: + description: FilesystemMirrorInfoSpec is the filesystem mirror + status of a given filesystem + properties: + daemon_id: + description: DaemonID is the cephfs-mirror name + type: integer + filesystems: + description: Filesystems is the list of filesystems managed + by a given cephfs-mirror daemon + items: + description: FilesystemsSpec is spec for the mirrored + filesystem + properties: + directory_count: + description: DirectoryCount is the number of directories + in the filesystem + type: integer + filesystem_id: + description: FilesystemID is the filesystem identifier + type: integer + name: + description: Name is name of the filesystem + type: string + peers: + description: Peers represents the mirroring peers + items: + description: FilesystemMirrorInfoPeerSpec is the + specification of a filesystem peer mirror + properties: + remote: + description: Remote are the remote cluster + information + properties: + client_name: + description: ClientName is cephx name + type: string + cluster_name: + description: ClusterName is the name of + the cluster + type: string + fs_name: + description: FsName is the filesystem + name + type: string + type: object + stats: + description: Stats are the stat a peer mirror + properties: + failure_count: + description: FailureCount is the number + of mirroring failure + type: integer + recovery_count: + description: RecoveryCount is the number + of recovery attempted after failures + type: integer + type: object + uuid: + description: UUID is the peer unique identifier + type: string + type: object + type: array + type: object + type: array + type: object + nullable: true + type: array + details: + description: Details contains potential status errors + type: string + lastChanged: + description: 
LastChanged is the last time time the status last + changed + type: string + lastChecked: + description: LastChecked is the last time time the status was + checked + type: string + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + snapshotScheduleStatus: + description: FilesystemSnapshotScheduleStatusSpec is the status + of the snapshot schedule + properties: + details: + description: Details contains potential status errors + type: string + lastChanged: + description: LastChanged is the last time time the status last + changed + type: string + lastChecked: + description: LastChecked is the last time time the status was + checked + type: string + snapshotSchedules: + description: SnapshotSchedules is the list of snapshots scheduled + items: + description: FilesystemSnapshotSchedulesSpec is the list of + snapshot scheduled for images in a pool + properties: + fs: + description: Fs is the name of the Ceph Filesystem + type: string + path: + description: Path is the path on the filesystem + type: string + rel_path: + type: string + retention: + description: FilesystemSnapshotScheduleStatusRetention + is the retention specification for a filesystem snapshot + schedule + properties: + active: + description: Active is whether the scheduled is active + or not + type: boolean + created: + description: Created is when the snapshot schedule + was created + type: string + created_count: + description: CreatedCount is total amount of snapshots + type: integer + first: + description: First is when the first snapshot schedule + was taken + type: string + last: + description: Last is when the last snapshot schedule + was taken + type: string + last_pruned: + description: LastPruned is when the last snapshot + schedule was pruned + type: string + pruned_count: + description: PrunedCount is 
total amount of pruned + snapshots + type: integer + start: + description: Start is when the snapshot schedule starts + type: string + type: object + schedule: + type: string + subvol: + description: Subvol is the name of the sub volume + type: string + type: object + nullable: true + type: array + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephfilesystemsubvolumegroups.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephFilesystemSubVolumeGroup + listKind: CephFilesystemSubVolumeGroupList + plural: cephfilesystemsubvolumegroups + singular: cephfilesystemsubvolumegroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephFilesystemSubVolumeGroup represents a Ceph Filesystem SubVolumeGroup + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. 
More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph Filesystem + SubVolumeGroup + properties: + filesystemName: + description: FilesystemName is the name of Ceph Filesystem SubVolumeGroup + volume name. Typically it's the name of the CephFilesystem CR. + If not coming from the CephFilesystem CR, it can be retrieved + from the list of Ceph Filesystem volumes with `ceph fs volume + ls`. To learn more about Ceph Filesystem abstractions see https://docs.ceph.com/en/latest/cephfs/fs-volumes/#fs-volumes-and-subvolumes + type: string + required: + - filesystemName + type: object + status: + description: Status represents the status of a CephFilesystem SubvolumeGroup + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephnfses.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephNFS + listKind: CephNFSList + plural: cephnfses + shortNames: + - nfs + singular: cephnfs + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephNFS represents a Ceph NFS + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NFSGaneshaSpec represents the spec of an nfs ganesha server + properties: + rados: + description: RADOS is the Ganesha RADOS specification + nullable: true + properties: + namespace: + description: The namespace inside the Ceph pool (set by 'pool') + where shared NFS-Ganesha config is stored. This setting is + required for Ceph v15 and ignored for Ceph v16. As of Ceph + Pacific v16+, this is internally set to the name of the CephNFS. + type: string + pool: + description: The Ceph pool used store the shared configuration + for NFS-Ganesha daemons. This setting is required for Ceph + v15 and ignored for Ceph v16. As of Ceph Pacific 16.2.7+, + this is internally hardcoded to ".nfs". + type: string + type: object + security: + description: Security allows specifying security configurations + for the NFS cluster + nullable: true + properties: + kerberos: + description: Kerberos configures NFS-Ganesha to secure NFS client + connections with Kerberos. + nullable: true + properties: + configFiles: + description: "ConfigFiles defines where the Kerberos configuration\ + \ should be sourced from. Config files will be placed\ + \ into the `/etc/krb5.conf.rook/` directory. \n If this\ + \ is left empty, Rook will not add any files. This allows\ + \ you to manage the files yourself however you wish. 
For\ + \ example, you may build them into your custom Ceph container\ + \ image or use the Vault agent injector to securely add\ + \ the files via annotations on the CephNFS spec (passed\ + \ to the NFS server pods). \n Rook configures Kerberos\ + \ to log to stderr. We suggest removing logging sections\ + \ from config files to avoid consuming unnecessary disk\ + \ space from logging to files." + properties: + volumeSource: + description: VolumeSource accepts a pared down version + of the standard Kubernetes VolumeSource for Kerberos + configuration files like what is normally used to + configure Volumes for a Pod. For example, a ConfigMap, + Secret, or HostPath. The volume may contain multiple + files, all of which will be loaded. + properties: + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode + bits used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. 
+ items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of + storage medium should back this directory. + The default is "" which means to use the node''s + default medium. Must be an empty string (default) + or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. 
The maximum usage on memory + medium EmptyDir would be the minimum value + between the SizeLimit specified here and the + sum of memory limits of all containers in + a pod. The default is nil which means that + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that is + directly exposed to the container. This is generally + used for system agents or other privileged things + that are allowed to see the host machine. Most + containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + ---' + properties: + path: + description: 'path of the directory on the host. + If the path is a symlink, it will follow the + link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this + volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. 
+ type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. Directories + within the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. 
If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. 
This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret will + be projected into the volume as + a file whose name is the key and + content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. 
+ properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified in + the audience of the token, and otherwise + should reject the token. The audience + defaults to the identifier of the + apiserver. + type: string + expirationSeconds: + description: expirationSeconds is + the requested duration of validity + of the service account token. As + the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. 
+ The kubelet will start trying to + rotate the token if the token is + older than 80 percent of its time + to live or if the token is older + than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file to + project the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode + bits used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. 
+ Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + type: object + type: object + domainName: + description: DomainName should be set to the Kerberos Realm. + type: string + keytabFile: + description: KeytabFile defines where the Kerberos keytab + should be sourced from. The keytab file will be placed + into `/etc/krb5.keytab`. If this is left empty, Rook will + not add the file. This allows you to manage the `krb5.keytab` + file yourself however you wish. For example, you may build + it into your custom Ceph container image or use the Vault + agent injector to securely add the file via annotations + on the CephNFS spec (passed to the NFS server pods). + properties: + volumeSource: + description: 'VolumeSource accepts a pared down version + of the standard Kubernetes VolumeSource for the Kerberos + keytab file like what is normally used to configure + Volumes for a Pod. For example, a Secret or HostPath. + There are two requirements for the source''s content: + 1. The config file must be mountable via `subPath: + krb5.keytab`. 
For example, in a Secret, the data item + must be named `krb5.keytab`, or `items` must be defined + to select the key and give it path `krb5.keytab`. + A HostPath directory must have the `krb5.keytab` file. + 2. The volume or config file must have mode 0600.' + properties: + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode + bits used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. 
+ This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of + storage medium should back this directory. + The default is "" which means to use the node''s + default medium. Must be an empty string (default) + or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value + between the SizeLimit specified here and the + sum of memory limits of all containers in + a pod. The default is nil which means that + the limit is undefined. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that is + directly exposed to the container. This is generally + used for system agents or other privileged things + that are allowed to see the host machine. Most + containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + ---' + properties: + path: + description: 'path of the directory on the host. + If the path is a symlink, it will follow the + link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this + volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used + to set permissions on created files by default. 
+ Must be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. Directories + within the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. 
May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. 
The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret will + be projected into the volume as + a file whose name is the key and + content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. 
If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified in + the audience of the token, and otherwise + should reject the token. The audience + defaults to the identifier of the + apiserver. + type: string + expirationSeconds: + description: expirationSeconds is + the requested duration of validity + of the service account token. As + the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. + The kubelet will start trying to + rotate the token if the token is + older than 80 percent of its time + to live or if the token is older + than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file to + project the token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode + bits used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, and + the result can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' 
+ format: int32 + type: integer + path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + type: object + type: object + principalName: + default: nfs + description: 'PrincipalName corresponds directly to NFS-Ganesha''s + NFS_KRB5:PrincipalName config. In practice, this is the + service prefix of the principal name. The default is "nfs". + This value is combined with (a) the namespace and name + of the CephNFS (with a hyphen between) and (b) the Realm + configured in the user-provided krb5.conf to determine + the full principal name: /-@. + e.g., nfs/rook-ceph-my-nfs@example.net. See https://github.com/nfs-ganesha/nfs-ganesha/wiki/RPCSEC_GSS + for more detail.' + type: string + type: object + sssd: + description: SSSD enables integration with System Security Services + Daemon (SSSD). SSSD can be used to provide user ID mapping + from a number of sources. See https://sssd.io for more information + about the SSSD project. + nullable: true + properties: + sidecar: + description: Sidecar tells Rook to run SSSD in a sidecar + alongside the NFS-Ganesha server in each NFS pod. + properties: + additionalFiles: + description: AdditionalFiles defines any number of additional + files that should be mounted into the SSSD sidecar. + These files may be referenced by the sssd.conf config + file. 
+ items: + description: SSSDSidecarAdditionalFile represents + the source from where additional files for the the + SSSD configuration should come from and are made + available. + properties: + subPath: + description: SubPath defines the sub-path in `/etc/sssd/rook-additional/` + where the additional file(s) will be placed. + Each subPath definition must be unique and must + not contain ':'. + minLength: 1 + pattern: ^[^:]+$ + type: string + volumeSource: + description: VolumeSource accepts a pared down + version of the standard Kubernetes VolumeSource + for the additional file(s) like what is normally + used to configure Volumes for a Pod. Fore example, + a ConfigMap, Secret, or HostPath. Each VolumeSource + adds one or more additional files to the SSSD + sidecar container in the `/etc/sssd/rook-additional/` + directory. Be aware that some files may need + to have a specific file mode like 0600 due to + requirements by SSSD for some files. For example, + CA or TLS certificates. + properties: + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions on + created files by default. Must be an + octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. Defaults to 0644. Directories + within the path are not affected by + this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced ConfigMap will be projected + into the volume as a file whose name + is the key and content is the value. 
+ If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use + the node''s default medium. 
Must be + an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage + on memory medium EmptyDir would be the + minimum value between the SizeLimit + specified here and the sum of memory + limits of all containers in a pod. The + default is nil which means that the + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that + is directly exposed to the container. This + is generally used for system agents or other + privileged things that are allowed to see + the host machine. Most containers will NOT + need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + ---' + properties: + path: + description: 'path of the directory on + the host. If the path is a symlink, + it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of + a PersistentVolumeClaim in the same + namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: defaultMode are the mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. Directories + within the path are not affected by + this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be + projected along with other supported + volume types + properties: + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the + Data field of the referenced + ConfigMap will be projected + into the volume as a file + whose name is the key and + content is the value. If specified, + the listed keys will be projected + into the specified paths, + and unlisted keys will not + be present. If a key is specified + which is not present in the + ConfigMap, the volume setup + will error unless it is marked + optional. Paths must be relative + and may not contain the '..' 
+ path or start with '..'. + items: + description: Maps a string + key to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is + Optional: mode bits + used to set permissions + on this file. Must be + an octal value between + 0000 and 0777 or a decimal + value between 0 and + 511. YAML accepts both + octal and decimal values, + JSON requires decimal + values for mode bits. + If not specified, the + volume defaultMode will + be used. This might + be in conflict with + other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' + format: int32 + type: integer + path: + description: path is the + relative path of the + file to map the key + to. May not be an absolute + path. May not contain + the path element '..'. + May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to + project + properties: + items: + description: Items is a list + of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". 
+ type: string + fieldPath: + description: Path + of the field to + select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used to set + permissions on this + file, must be an octal + value between 0000 and + 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and + decimal values, JSON + requires decimal values + for mode bits. If not + specified, the volume + defaultMode will be + used. This might be + in conflict with other + options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must + not be absolute or contain + the ''..'' path. Must + be utf-8 encoded. The + first item of the relative + path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of the container: + only resources limits + and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information + about the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the + Data field of the referenced + Secret will be projected into + the volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be projected + into the specified paths, + and unlisted keys will not + be present. If a key is specified + which is not present in the + Secret, the volume setup will + error unless it is marked + optional. Paths must be relative + and may not contain the '..' + path or start with '..'. + items: + description: Maps a string + key to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is + Optional: mode bits + used to set permissions + on this file. Must be + an octal value between + 0000 and 0777 or a decimal + value between 0 and + 511. YAML accepts both + octal and decimal values, + JSON requires decimal + values for mode bits. + If not specified, the + volume defaultMode will + be used. This might + be in conflict with + other options that affect + the file mode, like + fsGroup, and the result + can be other mode bits + set.' 
+ format: int32 + type: integer + path: + description: path is the + relative path of the + file to map the key + to. May not be an absolute + path. May not contain + the path element '..'. + May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional field + specify whether the Secret + or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the serviceAccountToken + data to project + properties: + audience: + description: audience is the + intended audience of the token. + A recipient of a token must + identify itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. The + audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the token + approaches expiration, the + kubelet volume plugin will + proactively rotate the service + account token. The kubelet + will start trying to rotate + the token if the token is + older than 80 percent of its + time to live or if the token + is older than 24 hours.Defaults + to 1 hour and must be at least + 10 minutes. + format: int64 + type: integer + path: + description: path is the path + relative to the mount point + of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'secret represents a secret that + should populate this volume. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions on + created files by default. Must be an + octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. Defaults to 0644. Directories + within the path are not affected by + this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each + key-value pair in the Data field of + the referenced Secret will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. 
May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of + the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + type: object + required: + - subPath + - volumeSource + type: object + type: array + debugLevel: + description: 'DebugLevel sets the debug level for SSSD. + If unset or set to 0, Rook does nothing. Otherwise, + this may be a value between 1 and 10. See SSSD docs + for more info: https://sssd.io/troubleshooting/basics.html#sssd-debug-logs' + maximum: 10 + minimum: 0 + type: integer + image: + description: Image defines the container image that + should be used for the SSSD sidecar. + minLength: 1 + type: string + resources: + description: Resources allow specifying resource requests/limits + on the SSSD sidecar container. + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are used\ + \ by this container. \n This is an alpha field\ + \ and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It\ + \ can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + sssdConfigFile: + description: SSSDConfigFile defines where the SSSD configuration + should be sourced from. The config file will be placed + into `/etc/sssd/sssd.conf`. If this is left empty, + Rook will not add the file. This allows you to manage + the `sssd.conf` file yourself however you wish. For + example, you may build it into your custom Ceph container + image or use the Vault agent injector to securely + add the file via annotations on the CephNFS spec (passed + to the NFS server pods). + properties: + volumeSource: + description: 'VolumeSource accepts a pared down + version of the standard Kubernetes VolumeSource + for the SSSD configuration file like what is normally + used to configure Volumes for a Pod. For example, + a ConfigMap, Secret, or HostPath. 
There are two + requirements for the source''s content: 1. The + config file must be mountable via `subPath: sssd.conf`. + For example, in a ConfigMap, the data item must + be named `sssd.conf`, or `items` must be defined + to select the key and give it path `sssd.conf`. + A HostPath directory must have the `sssd.conf` + file. 2. The volume or config file must have mode + 0600.' + properties: + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each + key-value pair in the Data field of the + referenced ConfigMap will be projected + into the volume as a file whose name is + the key and content is the value. If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, + the volume setup will error unless it + is marked optional. Paths must be relative + and may not contain the '..' path or start + with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. 
YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified + here and the sum of memory limits of all + containers in a pod. The default is nil + which means that the limit is undefined. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine that + is directly exposed to the container. This + is generally used for system agents or other + privileged things that are allowed to see + the host machine. Most containers will NOT + need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + ---' + properties: + path: + description: 'path of the directory on the + host. If the path is a symlink, it will + follow the link to the real path. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a + PersistentVolumeClaim in the same namespace + as the pod using this volume. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: defaultMode are the mode bits + used to set permissions on created files + by default. 
Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the + key and content is the value. + If specified, the listed keys + will be projected into the specified + paths, and unlisted keys will + not be present. If a key is + specified which is not present + in the ConfigMap, the volume + setup will error unless it is + marked optional. Paths must + be relative and may not contain + the '..' path or start with + '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set + permissions on this file. + Must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: path is the + relative path of the file + to map the key to. 
May + not be an absolute path. + May not contain the path + element '..'. May not + start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of + the field to select + in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used to set + permissions on this file, + must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must not + be absolute or contain + the ''..'' path. 
Must + be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a + resource of the container: + only resources limits + and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' + properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the + key and content is the value. + If specified, the listed keys + will be projected into the specified + paths, and unlisted keys will + not be present. If a key is + specified which is not present + in the Secret, the volume setup + will error unless it is marked + optional. Paths must be relative + and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set + permissions on this file. + Must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. 
YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: path is the + relative path of the file + to map the key to. May + not be an absolute path. + May not contain the path + element '..'. May not + start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified + in the audience of the token, + and otherwise should reject + the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration of + validity of the service account + token. As the token approaches + expiration, the kubelet volume + plugin will proactively rotate + the service account token. The + kubelet will start trying to + rotate the token if the token + is older than 80 percent of + its time to live or if the token + is older than 24 hours.Defaults + to 1 hour and must be at least + 10 minutes. 
+ format: int64 + type: integer + path: + description: path is the path + relative to the mount point + of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'secret represents a secret that + should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each + key-value pair in the Data field of the + referenced Secret will be projected into + the volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the + volume setup will error unless it is marked + optional. Paths must be relative and may + not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. 
This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of + the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + type: object + type: object + required: + - image + type: object + type: object + type: object + server: + description: Server is the Ganesha Server specification + properties: + active: + description: The number of active Ganesha servers + type: integer + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set + on each Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + hostNetwork: + description: Whether host networking is enabled for the Ganesha + server. If not set, the network settings from the cluster + CR will be applied. + nullable: true + type: boolean + labels: + additionalProperties: + type: string + description: The labels-related configuration to add/set on + each Pod related object. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + description: LogLevel set logging level + type: string + placement: + description: The affinity to place the ganesha pods + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. 
If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an + update), the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. 
+ If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti + affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. 
null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. 
+ properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. 
The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number\ + \ of eligible domains. When the number of eligible\ + \ domains with matching topology keys is less than\ + \ minDomains, Pod Topology Spread treats \"global\ + \ minimum\" as 0, and then the calculation of Skew\ + \ is performed. 
And when the number of eligible\ + \ domains with matching topology keys equals or\ + \ greater than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number of\ + \ eligible domains is less than minDomains, scheduler\ + \ won't schedule more than maxSkew Pods to those\ + \ domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are\ + \ integers greater than 0. When value is not nil,\ + \ WhenUnsatisfiable must be DoNotSchedule. \n For\ + \ example, in a 3-zone cluster, MaxSkew is set to\ + \ 2, MinDomains is set to 5 and pods with the same\ + \ labelSelector spread as 2/2/2: | zone1 | zone2\ + \ | zone3 | | P P | P P | P P | The number\ + \ of domains is less than 5(MinDomains), so \"global\ + \ minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be\ + \ scheduled, because computed skew will be 3(3 -\ + \ 0) if new Pod is scheduled to any of the three\ + \ zones, it will violate MaxSkew. \n This is a beta\ + \ field and requires the MinDomainsInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we\ + \ will treat Pod's nodeAffinity/nodeSelector when\ + \ calculating pod topology spread skew. Options\ + \ are: - Honor: only nodes matching nodeAffinity/nodeSelector\ + \ are included in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will\ + \ treat node taints when calculating pod topology\ + \ spread skew. 
Options are: - Honor: nodes without\ + \ taints, along with tainted nodes for which the\ + \ incoming pod has a toleration, are included. -\ + \ Ignore: node taints are ignored. All nodes are\ + \ included. \n If this value is nil, the behavior\ + \ is equivalent to the Ignore policy. This is a\ + \ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). 
In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + description: PriorityClassName sets the priority class on the + pods + type: string + resources: + description: Resources set resource requests and limits + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined\ + \ in spec.resourceClaims, that are used by this container.\ + \ \n This is an alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate. \n This field\ + \ is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - active + type: object + required: + - server + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephobjectrealms.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectRealm + listKind: CephObjectRealmList + plural: cephobjectrealms + singular: cephobjectrealm + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephObjectRealm represents a Ceph Object Store Gateway Realm + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ObjectRealmSpec represent the spec of an ObjectRealm + nullable: true + properties: + pull: + description: PullSpec represents the pulling specification of a + Ceph Object Storage Gateway Realm + properties: + endpoint: + pattern: ^https*:// + type: string + type: object + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephobjectstores.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectStore + listKind: CephObjectStoreList + plural: cephobjectstores + singular: cephobjectstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephObjectStore represents a Ceph Object Store Gateway + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ObjectStoreSpec represent the spec of a pool + properties: + allowUsersInNamespaces: + description: The list of allowed namespaces in addition to the object + store namespace where ceph object store users may be created. + Specify "*" to allow all namespaces, otherwise list individual + namespaces that are to be allowed. 
This is useful for applications + that need object store credentials to be created in their own + namespace, where neither OBCs nor COSI is being used to create + buckets. The default is empty. + items: + type: string + type: array + dataPool: + description: The data pool settings + nullable: true + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + The number of chunks required to recover an object when + any single OSD is lost is the same as dataChunks so be + aware that the larger the number of data chunks, the higher + the cost of recovery. 
+ minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if + available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or + image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of + the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on + a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a + string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for + replicated pool type) + minimum: 0 + type: integer + subFailureDomain: + description: 
SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in + terms of expected consumption of the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + gateway: + description: The rgw pod info + nullable: true + properties: + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set + on each Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + caBundleRef: + description: The name of the secret that stores custom ca-bundle + with root and intermediate certificates. + nullable: true + type: string + dashboardEnabled: + description: Whether rgw dashboard is enabled for the rgw daemon. + If not set, the rgw dashboard will be enabled. + nullable: true + type: boolean + x-kubernetes-preserve-unknown-fields: true + disableMultisiteSyncTraffic: + description: 'DisableMultisiteSyncTraffic, when true, prevents + this object store''s gateways from transmitting multisite + replication data. Note that this value does not affect whether + gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints + for that. If false or unset, this object store''s gateways + will be able to transmit multisite replication data.' + type: boolean + externalRgwEndpoints: + description: ExternalRgwEndpoints points to external RGW endpoint(s). 
+ Multiple endpoints can be given, but for stability of ObjectBucketClaims, + we highly recommend that users give only a single external + RGW endpoint that is a load balancer that sends requests to + the multiple RGWs. + items: + description: EndpointAddress is a tuple that describes a single + IP address or host name. This is a subset of Kubernetes's + v1.EndpointAddress. + properties: + hostname: + description: The DNS-addressable Hostname of this endpoint. + This field will be preferred over IP if both are given. + type: string + ip: + description: The IP of this endpoint. As a legacy behavior, + this supports being given a DNS-adressable hostname + as well. + type: string + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + hostNetwork: + description: Whether host networking is enabled for the rgw + daemon. If not set, the network settings from the cluster + CR will be applied. + nullable: true + type: boolean + x-kubernetes-preserve-unknown-fields: true + instances: + description: The number of pods in the rgw replicaset. + format: int32 + nullable: true + type: integer + labels: + additionalProperties: + type: string + description: The labels-related configuration to add/set on + each Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + placement: + description: The affinity to place the rgw pods (default is + to place on any available node) + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an + update), the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. 
When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti + affinity scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. 
+ Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. 
This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number\ + \ of eligible domains. When the number of eligible\ + \ domains with matching topology keys is less than\ + \ minDomains, Pod Topology Spread treats \"global\ + \ minimum\" as 0, and then the calculation of Skew\ + \ is performed. And when the number of eligible\ + \ domains with matching topology keys equals or\ + \ greater than minDomains, this value has no effect\ + \ on scheduling. As a result, when the number of\ + \ eligible domains is less than minDomains, scheduler\ + \ won't schedule more than maxSkew Pods to those\ + \ domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are\ + \ integers greater than 0. When value is not nil,\ + \ WhenUnsatisfiable must be DoNotSchedule. \n For\ + \ example, in a 3-zone cluster, MaxSkew is set to\ + \ 2, MinDomains is set to 5 and pods with the same\ + \ labelSelector spread as 2/2/2: | zone1 | zone2\ + \ | zone3 | | P P | P P | P P | The number\ + \ of domains is less than 5(MinDomains), so \"global\ + \ minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be\ + \ scheduled, because computed skew will be 3(3 -\ + \ 0) if new Pod is scheduled to any of the three\ + \ zones, it will violate MaxSkew. 
\n This is a beta\ + \ field and requires the MinDomainsInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we\ + \ will treat Pod's nodeAffinity/nodeSelector when\ + \ calculating pod topology spread skew. Options\ + \ are: - Honor: only nodes matching nodeAffinity/nodeSelector\ + \ are included in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will\ + \ treat node taints when calculating pod topology\ + \ spread skew. Options are: - Honor: nodes without\ + \ taints, along with tainted nodes for which the\ + \ incoming pod has a toleration, are included. -\ + \ Ignore: node taints are ignored. All nodes are\ + \ included. \n If this value is nil, the behavior\ + \ is equivalent to the Ignore policy. This is a\ + \ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P + P | P | P | If WhenUnsatisfiable is set + to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, + the cluster can still be imbalanced, but scheduler + won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + port: + description: The port the rgw service will be listening on (http) + format: int32 + type: integer + priorityClassName: + description: PriorityClassName sets priority classes on the + rgw pods + type: string + resources: + description: The resource requirements for the rgw pods + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined\ + \ in spec.resourceClaims, that are used by this container.\ + \ \n This is an alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate. \n This field\ + \ is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + securePort: + description: The port the rgw service will be listening on (https) + format: int32 + maximum: 65535 + minimum: 0 + nullable: true + type: integer + service: + description: The configuration related to add/set on each rgw + service. + nullable: true + properties: + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set + on each rgw service. 
nullable optional + type: object + type: object + sslCertificateRef: + description: The name of the secret that stores the ssl certificate + for secure rgw connections + nullable: true + type: string + type: object + healthCheck: + description: The RGW health probes + nullable: true + properties: + readinessProbe: + description: ProbeSpec is a wrapper around Probe so it can be + enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive or + ready to receive traffic. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided + by the pod spec. Value must be non-negative integer. + The value zero indicates stop immediately via the + kill signal (no opportunity to shut down). This is + a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + startupProbe: + description: ProbeSpec is a wrapper around Probe so it can be + enabled or disabled for a Ceph daemon + properties: + disabled: + description: Disabled determines whether probe is disable + or not + type: boolean + probe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive or + ready to receive traffic. 
+ properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service\ + \ to place in the gRPC HealthCheckRequest (see\ + \ https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\ + \ \n If this is not specified, the default behavior\ + \ is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. 
The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided + by the pod spec. Value must be non-negative integer. + The value zero indicates stop immediately via the + kill signal (no opportunity to shut down). This is + a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + type: object + type: object + metadataPool: + description: The metadata pool settings + nullable: true + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: 
+ description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + The number of chunks required to recover an object when + any single OSD is lost is the same as dataChunks so be + aware that the larger the number of data chunks, the higher + the cost of recovery. + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if + available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or + image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of + the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on + a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a + string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for + replicated pool type) + minimum: 0 + type: integer + subFailureDomain: + description: 
SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in + terms of expected consumption of the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + preservePoolsOnDelete: + description: Preserve pools on object store deletion + type: boolean + security: + description: Security represents security settings + nullable: true + properties: + keyRotation: + description: KeyRotation defines options for Key Rotation. + nullable: true + properties: + enabled: + default: false + description: Enabled represents whether the key rotation + is enabled. + type: boolean + schedule: + description: Schedule represents the cron schedule for key + rotation. 
+ type: string + type: object + kms: + description: KeyManagementService is the main Key Management + option + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + description: ConnectionDetails contains the KMS connection + details (address, port etc) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + description: TokenSecretName is the kubernetes secret containing + the KMS token + type: string + type: object + s3: + description: The settings for supporting AWS-SSE:S3 with RGW + nullable: true + properties: + connectionDetails: + additionalProperties: + type: string + description: ConnectionDetails contains the KMS connection + details (address, port etc) + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + tokenSecretName: + description: TokenSecretName is the kubernetes secret containing + the KMS token + type: string + type: object + type: object + zone: + description: The multisite info + nullable: true + properties: + name: + description: RGW Zone the Object Store is in + type: string + required: + - name + type: object + type: object + status: + description: ObjectStoreStatus represents the status of a Ceph Object + Store resource + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. 
+ properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + endpoints: + properties: + insecure: + items: + type: string + nullable: true + type: array + secure: + items: + type: string + nullable: true + type: array + type: object + info: + additionalProperties: + type: string + nullable: true + type: object + message: + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephobjectstoreusers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectStoreUser + listKind: CephObjectStoreUserList + plural: cephobjectstoreusers + shortNames: + - rcou + - objectuser + singular: cephobjectstoreuser + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephObjectStoreUser represents a Ceph Object Store Gateway + User + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ObjectStoreUserSpec represent the spec of an Objectstoreuser + properties: + capabilities: + description: Additional admin-level capabilities for the Ceph object + store user + nullable: true + properties: + amz-cache: + description: Add capabilities for user to send request to RGW + Cache API header. Documented in https://docs.ceph.com/en/quincy/radosgw/rgw-cache/#cache-api + enum: + - '*' + - read + - write + - read, write + type: string + bilog: + description: Add capabilities for user to change bucket index + logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + bucket: + description: Admin capabilities to read/write Ceph object store + buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + buckets: + description: Admin capabilities to read/write Ceph object store + buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + datalog: + description: Add capabilities for user to change data logging. 
+ Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + info: + description: Admin capabilities to read/write information about + the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + mdlog: + description: Add capabilities for user to change metadata logging. + Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + metadata: + description: Admin capabilities to read/write Ceph object store + metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + oidc-provider: + description: Add capabilities for user to change oidc provider. + Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + ratelimit: + description: Add capabilities for user to set rate limiter for + user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + roles: + description: Admin capabilities to read/write roles for user. + Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + usage: + description: Admin capabilities to read/write Ceph object store + usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + user: + description: Admin capabilities to read/write Ceph object store + users. 
Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + user-policy: + description: Add capabilities for user to change user policies. + Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + users: + description: Admin capabilities to read/write Ceph object store + users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + zone: + description: Admin capabilities to read/write Ceph object store + zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string + type: object + clusterNamespace: + description: The namespace where the parent CephCluster and CephObjectStore + are found + type: string + displayName: + description: The display name for the ceph users + type: string + quotas: + description: ObjectUserQuotaSpec can be used to set quotas for the + object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) + for more + nullable: true + properties: + maxBuckets: + description: Maximum bucket limit for the ceph user + nullable: true + type: integer + maxObjects: + description: Maximum number of objects across all the user's + buckets + format: int64 + nullable: true + type: integer + maxSize: + anyOf: + - type: integer + - type: string + description: Maximum size limit of all objects across all the + user's buckets See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity + for more info. 
+ nullable: true + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + store: + description: The store the user will be created in + type: string + type: object + status: + description: ObjectStoreUserStatus represents the status Ceph Object + Store Gateway User + properties: + info: + additionalProperties: + type: string + nullable: true + type: object + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephobjectzonegroups.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectZoneGroup + listKind: CephObjectZoneGroupList + plural: cephobjectzonegroups + singular: cephobjectzonegroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephObjectZoneGroup represents a Ceph Object Store Gateway + Zone Group + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. 
Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ObjectZoneGroupSpec represent the spec of an ObjectZoneGroup + properties: + realm: + description: The display name for the ceph users + type: string + required: + - realm + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephobjectzones.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephObjectZone + listKind: CephObjectZoneList + plural: cephobjectzones + singular: cephobjectzone + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephObjectZone represents a Ceph Object Store Gateway Zone + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ObjectZoneSpec represent the spec of an ObjectZone + properties: + customEndpoints: + description: "If this zone cannot be accessed from other peer Ceph\ + \ clusters via the ClusterIP Service endpoint created by Rook,\ + \ you must set this to the externally reachable endpoint(s). You\ + \ may include the port in the definition. For example: \"https://my-object-store.my-domain.net:443\"\ + . 
In many cases, you should set this to the endpoint of the ingress\ + \ resource that makes the CephObjectStore associated with this\ + \ CephObjectStoreZone reachable to peer clusters. The list can\ + \ have one or more endpoints pointing to different RGW servers\ + \ in the zone. \n If a CephObjectStore endpoint is omitted from\ + \ this list, that object store's gateways will not receive multisite\ + \ replication data (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." + items: + type: string + nullable: true + type: array + dataPool: + description: The data pool settings + nullable: true + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. + minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). 
+ The number of chunks required to recover an object when + any single OSD is lost is the same as dataChunks so be + aware that the larger the number of data chunks, the higher + the cost of recovery. + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if + available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or + image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of + the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on + a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a + string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for + replicated pool type) + minimum: 0 + type: integer + subFailureDomain: + description: 
SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in + terms of expected consumption of the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + metadataPool: + description: The metadata pool settings + nullable: true + properties: + compressionMode: + description: 'DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] + = "force" The inline compression mode in Bluestore OSD to + set to (options are: none, passive, aggressive, force) Do + NOT set a default value for kubebuilder as this will override + the Parameters' + enum: + - none + - passive + - aggressive + - force + - '' + nullable: true + type: string + crushRoot: + description: The root of the crush hierarchy utilized by the + pool + nullable: true + type: string + deviceClass: + description: The device class the OSD should set to for use + in the pool + nullable: true + type: string + enableRBDStats: + description: EnableRBDStats is used to enable gathering of statistics + for all RBD images in the pool + type: boolean + erasureCoded: + description: The erasure code settings + properties: + algorithm: + description: The algorithm for erasure coding + type: string + codingChunks: + description: Number of coding chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + This is the number of OSDs that can be lost simultaneously + before data cannot be recovered. 
+ minimum: 0 + type: integer + dataChunks: + description: Number of data chunks per object in an erasure + coded storage pool (required for erasure-coded pool type). + The number of chunks required to recover an object when + any single OSD is lost is the same as dataChunks so be + aware that the larger the number of data chunks, the higher + the cost of recovery. + minimum: 0 + type: integer + required: + - codingChunks + - dataChunks + type: object + failureDomain: + description: 'The failure domain: osd/host/(region or zone if + available) - technically also any type in the crush map' + type: string + mirroring: + description: The mirroring settings + properties: + enabled: + description: Enabled whether this pool is mirrored or not + type: boolean + mode: + description: 'Mode is the mirroring mode: either pool or + image' + type: string + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret + names to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + snapshotSchedules: + description: SnapshotSchedules is the scheduling of snapshot + for mirrored images/pools + items: + description: SnapshotScheduleSpec represents the snapshot + scheduling settings of a mirrored pool + properties: + interval: + description: Interval represent the periodicity of + the snapshot. 
+ type: string + path: + description: Path is the path to snapshot, only valid + for CephFS + type: string + startTime: + description: StartTime indicates when to start the + snapshot + type: string + type: object + type: array + type: object + parameters: + additionalProperties: + type: string + description: Parameters is a list of properties to enable on + a given pool + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + quotas: + description: The quota settings + nullable: true + properties: + maxBytes: + description: MaxBytes represents the quota in bytes Deprecated + in favor of MaxSize + format: int64 + type: integer + maxObjects: + description: MaxObjects represents the quota in objects + format: int64 + type: integer + maxSize: + description: MaxSize represents the quota in bytes as a + string + pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$ + type: string + type: object + replicated: + description: The replication settings + properties: + hybridStorage: + description: HybridStorage represents hybrid storage tier + settings + nullable: true + properties: + primaryDeviceClass: + description: PrimaryDeviceClass represents high performance + tier (for example SSD or NVME) for Primary OSD + minLength: 1 + type: string + secondaryDeviceClass: + description: SecondaryDeviceClass represents low performance + tier (for example HDDs) for remaining OSDs + minLength: 1 + type: string + required: + - primaryDeviceClass + - secondaryDeviceClass + type: object + replicasPerFailureDomain: + description: ReplicasPerFailureDomain the number of replica + in the specified failure domain + minimum: 1 + type: integer + requireSafeReplicaSize: + description: RequireSafeReplicaSize if false allows you + to set replica 1 + type: boolean + size: + description: Size - Number of copies per object in a replicated + storage pool, including the object itself (required for + replicated pool type) + minimum: 0 + type: integer + subFailureDomain: + description: 
SubFailureDomain the name of the sub-failure + domain + type: string + targetSizeRatio: + description: TargetSizeRatio gives a hint (%) to Ceph in + terms of expected consumption of the total cluster capacity + type: number + required: + - size + type: object + statusCheck: + description: The mirroring statusCheck + properties: + mirror: + description: HealthCheckSpec represents the health check + of an object store bucket + nullable: true + properties: + disabled: + type: boolean + interval: + description: Interval is the internal in second or minute + for the health check to run like 60s for 60 seconds + type: string + timeout: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + preservePoolsOnDelete: + default: true + description: Preserve pools on object zone deletion + type: boolean + zoneGroup: + description: The display name for the ceph users + type: string + required: + - dataPool + - metadataPool + - zoneGroup + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephrbdmirrors.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephRBDMirror + listKind: CephRBDMirrorList + plural: cephrbdmirrors + singular: cephrbdmirror + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: CephRBDMirror represents a Ceph RBD Mirror + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RBDMirroringSpec represents the specification of an RBD + mirror daemon + properties: + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set on + each Pod related object. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + count: + description: Count represents the number of rbd mirror instance + to run + minimum: 1 + type: integer + labels: + additionalProperties: + type: string + description: The labels-related configuration to add/set on each + Pod related object. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + peers: + description: Peers represents the peers spec + nullable: true + properties: + secretNames: + description: SecretNames represents the Kubernetes Secret names + to add rbd-mirror or cephfs-mirror peers + items: + type: string + type: array + type: object + placement: + description: The affinity to place the rgw pods (default is to place + on any available node) + nullable: true + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. Default value is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of\ + \ eligible domains. When the number of eligible domains\ + \ with matching topology keys is less than minDomains,\ + \ Pod Topology Spread treats \"global minimum\" as 0,\ + \ and then the calculation of Skew is performed. And\ + \ when the number of eligible domains with matching\ + \ topology keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result, when\ + \ the number of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew Pods to\ + \ those domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set to\ + \ 5 and pods with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P | P P \ + \ | The number of domains is less than 5(MinDomains),\ + \ so \"global minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be scheduled,\ + \ because computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires the\ + \ MinDomainsInPodTopologySpread feature gate to be enabled\ + \ (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor: only\ + \ nodes matching nodeAffinity/nodeSelector are included\ + \ in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat\ + \ node taints when calculating pod topology spread skew.\ + \ Options are: - Honor: nodes without taints, along\ + \ with tainted nodes for which the incoming pod has\ + \ a toleration, are included. - Ignore: node taints\ + \ are ignored. All nodes are included. \n If this value\ + \ is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + priorityClassName: + description: PriorityClassName sets priority class on the rbd mirror + pods + type: string + resources: + description: The resource requirements for the rbd mirror pods + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in\ + \ spec.resourceClaims, that are used by this container. \n\ + \ This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only be\ + \ set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - count + type: object + status: + description: Status represents the status of an object + properties: + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: objectbucketclaims.objectbucket.io +spec: + group: objectbucket.io + names: + kind: ObjectBucketClaim + listKind: ObjectBucketClaimList + plural: objectbucketclaims + shortNames: + - obc + - obcs + singular: objectbucketclaim + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + additionalConfig: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + bucketName: + type: string + generateBucketName: + type: string + objectBucketName: + type: string + storageClassName: + type: string + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: objectbuckets.objectbucket.io +spec: + group: objectbucket.io + names: + kind: ObjectBucket + listKind: ObjectBucketList + plural: objectbuckets + shortNames: + - ob + - obs + singular: objectbucket + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + additionalState: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + authentication: + items: + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: object + claimRef: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + endpoint: + nullable: true + properties: + additionalConfig: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + 
bucketHost: + type: string + bucketName: + type: string + bucketPort: + format: int32 + type: integer + region: + type: string + subRegion: + type: string + type: object + reclaimPolicy: + type: string + storageClassName: + type: string + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml new file mode 100644 index 00000000..21673cbc --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml 
@@ -0,0 +1,100 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-system + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - '' + resources: + - pods + - configmaps + - services + verbs: + - get + - list + - watch + - patch + - create + - update + - delete + - apiGroups: + - apps + - extensions + resources: + - daemonsets + - statefulsets + - deployments + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - delete + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - get + - create + - delete + - apiGroups: + - multicluster.x-k8s.io + resources: + - serviceexports + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cephfs-external-provisioner-cfg + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rbd-external-provisioner-cfg + namespace: syn-rook-ceph-operator +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml new file mode 100644 index 00000000..b9852c1e --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml 
@@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-system + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-system +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cephfs-csi-provisioner-role-cfg + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cephfs-external-provisioner-cfg +subjects: + - kind: ServiceAccount + name: rook-csi-cephfs-provisioner-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rbd-csi-provisioner-role-cfg + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rbd-external-provisioner-cfg +subjects: + - kind: ServiceAccount + name: rook-csi-rbd-provisioner-sa + namespace: syn-rook-ceph-operator diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml new file mode 100644 index 00000000..04905a6c --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml 
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: rook-ceph-operator + helm.sh/chart: rook-ceph-v1.12.7 + operator: rook + storage-backend: ceph + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-csi-cephfs-plugin-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-csi-cephfs-provisioner-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-csi-rbd-plugin-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-csi-rbd-provisioner-sa + namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/03_rbac_fixes.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/03_rbac_fixes.yaml new file mode 100644 index 00000000..e4a50b73 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/03_rbac_fixes.yaml 
@@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: syn-rook-ceph-cephfs-provisioner-fix + name: syn-rook-ceph-cephfs-provisioner-fix + name: syn-rook-ceph-cephfs-provisioner-fix +rules: + - apiGroups: + - '' + resources: + - nodes + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: syn-rook-ceph-cephfs-provisioner-fix + name: syn-rook-ceph-cephfs-provisioner-fix + name: syn-rook-ceph-cephfs-provisioner-fix +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: syn-rook-ceph-cephfs-provisioner-fix +subjects: + - kind: ServiceAccount + name: rook-csi-cephfs-provisioner-sa + namespace: syn-rook-ceph-operator diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_cluster.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_cluster.yaml new file mode 100644 index 00000000..2e7b7381 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_cluster.yaml 
@@ -0,0 +1,78 @@ +apiVersion: ceph.rook.io/v1 +kind: CephCluster +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cluster + name: cluster + name: cluster + namespace: syn-rook-ceph-cluster +spec: + cephVersion: + allowUnsupported: false + image: quay.io/ceph/ceph:v17.2.6 + dataDirHostPath: /var/lib/rook + disruptionManagement: + managePodBudgets: true + osdMaintenanceTimeout: 30 + mon: + allowMultiplePerNode: false + count: 3 + monitoring: + enabled: true + network: + provider: host + placement: + all: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/storage + operator: Exists + tolerations: + - key: storagenode + operator: Exists + resources: + mgr: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi + mon: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + osd: + limits: + cpu: '2' + memory: 5Gi + requests: + cpu: '2' + memory: 5Gi + storage: + storageClassDeviceSets: + - count: 3 + encrypted: true + name: cluster + placement: {} + portable: false + tuneFastDeviceClass: false + volumeClaimTemplates: + - spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1 + storageClassName: localblock + volumeMode: Block + useAllDevices: false + useAllNodes: false diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_configoverride.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_configoverride.yaml new file mode 100644 index 00000000..44e1dd5d --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_configoverride.yaml 
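Review bot: The rendered CephCluster sets `network.provider: host` and encrypts the OSD device set at rest (`encrypted: true`), but nothing under `network` enables encryption in transit. As far as this manifest shows, Ceph traffic on the node network is protected only by whatever the default messenger mode provides. If the supported kernels and clients allow it, consider adding `connections: {encryption: {enabled: true}}` under `spec.network`; otherwise a comment on the default should record why it is left off. This file is rendered golden output, so the change belongs in the component defaults that produce it, which are not visible in this hunk.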
@@ -0,0 +1,18 @@ +apiVersion: v1 +data: + config: | + [global] + mon_data_avail_warn = 15 + mon_osd_backfillfull_ratio = 0.8 + mon_osd_full_ratio = 0.85 + mon_osd_nearfull_ratio = 0.75 +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-config-override + name: rook-config-override + name: rook-config-override + namespace: syn-rook-ceph-cluster diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_rbac.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_rbac.yaml new file mode 100644 index 00000000..03cc4bd2 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_rbac.yaml 
@@ -0,0 +1,321 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-cluster +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-mgr + name: rook-ceph-mgr + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-osd + name: rook-ceph-osd + name: rook-ceph-osd + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-cluster +rules: + - apiGroups: + - '' + resources: + - pods + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-mgr + name: rook-ceph-mgr + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +rules: + - apiGroups: + - '' + resources: + - pods + - services + - pods/log + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - '*' + verbs: + - '*' +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-monitoring + name: rook-ceph-monitoring + name: rook-ceph-monitoring + namespace: syn-rook-ceph-cluster +rules: + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - list + - watch + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-osd + name: rook-ceph-osd + name: rook-ceph-osd + namespace: syn-rook-ceph-cluster +rules: + - apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - ceph.rook.io + resources: + - cephclusters + - cephclusters/finalizers + verbs: + - get + - list + - create + - update + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-cluster-mgmt + name: rook-ceph-cluster-mgmt + name: rook-ceph-cluster-mgmt + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-cluster-mgmt +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-osd + name: rook-ceph-osd + name: rook-ceph-osd + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-osd +subjects: + - 
kind: ServiceAccount + name: rook-ceph-osd + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-mgr + name: rook-ceph-mgr + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-mgr +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-mgr-system-cluster + name: rook-ceph-mgr-system-cluster + name: rook-ceph-mgr-system-cluster + namespace: syn-rook-ceph-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-mgr-system +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-cmd-reporter +subjects: + - kind: ServiceAccount + name: rook-ceph-cmd-reporter + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-monitoring + name: rook-ceph-monitoring + name: rook-ceph-monitoring + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: Role + name: rook-ceph-monitoring +subjects: + - kind: ServiceAccount + name: rook-ceph-system + namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-mgr-cluster-cluster + name: rook-ceph-mgr-cluster-cluster + name: rook-ceph-mgr-cluster-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-mgr-cluster +subjects: + - kind: ServiceAccount + name: rook-ceph-mgr + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-osd-cluster + name: rook-ceph-osd-cluster + name: rook-ceph-osd-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-osd +subjects: + - kind: ServiceAccount + name: rook-ceph-osd + namespace: syn-rook-ceph-cluster diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml new file mode 100644 index 00000000..fb1cb7b6 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml 
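Review bot: The `rook-ceph-mgr` Role in this hunk ends with a rule granting `'*'` verbs on `'*'` resources in the `ceph.rook.io` group. That lets the mgr service account do anything to every Rook custom resource in `syn-rook-ceph-cluster`, including kinds added by later CRD updates. The other rules in the same Role already spell out their verbs, so this one could use `verbs: [get, list, watch, create, update, delete]` with a named `resources:` list. Which kinds the mgr modules actually need is not visible here and would have to be confirmed. This file is rendered golden output, so the change belongs in the component source that generates it.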
@@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-tools + name: rook-ceph-tools + name: rook-ceph-tools + namespace: syn-rook-ceph-cluster +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-tools + name: rook-ceph-tools + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-ceph-tools + name: rook-ceph-tools + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/storage + operator: Exists + containers: + - command: + - /bin/bash + - -c + - | + # Replicate the script from toolbox.sh inline so the ceph image + # can be run directly, instead of requiring the rook toolbox + CEPH_CONFIG="/etc/ceph/ceph.conf" + MON_CONFIG="/etc/rook/mon-endpoints" + KEYRING_FILE="/etc/ceph/keyring" + + # create a ceph config file in its default location so ceph/rados tools can be used + # without specifying any arguments + write_endpoints() { + endpoints=$(cat ${MON_CONFIG}) + + # filter out the mon names + # external cluster can have numbers or hyphens in mon names, handling them in regex + # shellcheck disable=SC2001 + mon_endpoints=$(echo "${endpoints}"| sed 's/[a-z0-9_-]\+=//g') + + DATE=$(date) + echo "$DATE writing mon endpoints to ${CEPH_CONFIG}: ${endpoints}" + cat < ${CEPH_CONFIG} + [global] + mon_host = ${mon_endpoints} + + [client.admin] + keyring = ${KEYRING_FILE} + EOF + } + + # watch the endpoints config file and update if the mon endpoints ever change + watch_endpoints() { + # get the timestamp for the target of the soft link + 
real_path=$(realpath ${MON_CONFIG}) + initial_time=$(stat -c %Z "${real_path}") + while true; do + real_path=$(realpath ${MON_CONFIG}) + latest_time=$(stat -c %Z "${real_path}") + + if [[ "${latest_time}" != "${initial_time}" ]]; then + write_endpoints + initial_time=${latest_time} + fi + + sleep 10 + done + } + + # read the secret from an env var (for backward compatibility), or from the secret file + ceph_secret=${ROOK_CEPH_SECRET} + if [[ "$ceph_secret" == "" ]]; then + ceph_secret=$(cat /var/lib/rook-ceph-mon/secret.keyring) + fi + + # create the keyring file + cat < ${KEYRING_FILE} + [${ROOK_CEPH_USERNAME}] + key = ${ceph_secret} + EOF + + # write the initial config file + write_endpoints + + # continuously update the mon endpoints if they fail over + watch_endpoints + env: + - name: ROOK_CEPH_USERNAME + valueFrom: + secretKeyRef: + key: ceph-username + name: rook-ceph-mon + image: docker.io/rook/ceph:v1.12.7 + imagePullPolicy: IfNotPresent + name: rook-ceph-tools + securityContext: + capabilities: + drop: + - ALL + runAsGroup: 2016 + runAsNonRoot: true + runAsUser: 2016 + tty: true + volumeMounts: + - mountPath: /etc/ceph + name: ceph-config + - mountPath: /etc/rook + name: mon-endpoint-volume + - mountPath: /var/lib/rook-ceph-mon + name: ceph-admin-secret + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + tolerations: + - key: storagenode + operator: Exists + volumes: + - name: ceph-admin-secret + secret: + items: + - key: ceph-secret + path: secret.keyring + optional: false + secretName: rook-ceph-mon + - configMap: + items: + - key: data + path: mon-endpoints + name: rook-ceph-mon-endpoints + name: mon-endpoint-volume + - emptyDir: {} + name: ceph-config diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/20_storagepools.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/20_storagepools.yaml new file mode 100644 index 00000000..37c567cf --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/20_storagepools.yaml 
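Review bot: The `rook-ceph-tools` container mounts the `ceph-secret` key of the `rook-ceph-mon` secret (volume `ceph-admin-secret`) and writes it into the keyring that `[client.admin]` points at. Anyone who can exec into this long-running pod therefore holds what is presumably the cluster's admin key. The container securityContext drops all capabilities and runs as a non-root UID, but leaves privilege escalation and the seccomp profile at their defaults; I would add `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` there. It is also worth confirming that `pods/exec` in `syn-rook-ceph-cluster` is granted only to storage operators. This is rendered golden output, so the fix belongs in the toolbox manifest the component compiles from.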
@@ -0,0 +1,69 @@ +apiVersion: ceph.rook.io/v1 +kind: CephFilesystem +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: fspool + name: fspool + name: fspool + namespace: syn-rook-ceph-cluster +spec: + dataPools: + - failureDomain: host + parameters: + compression_mode: none + target_size_ratio: '0.8' + replicated: + requireSafeReplicaSize: true + size: 3 + metadataPool: + parameters: + compression_mode: none + target_size_ratio: '0.2' + replicated: + requireSafeReplicaSize: true + size: 3 + metadataServer: + activeCount: 1 + activeStandby: true + placement: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/storage + operator: Exists + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - rook-ceph-mds + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - rook-ceph-mds + topologyKey: kubernetes.io/hostname + tolerations: + - key: storagenode + operator: Exists + resources: + limits: + cpu: '1' + memory: 4Gi + requests: + cpu: '1' + memory: 4Gi + mirroring: + enabled: false + preserveFilesystemOnDelete: true diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/30_snapshotclasses.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/30_snapshotclasses.yaml new file mode 100644 index 00000000..60ce1581 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/30_snapshotclasses.yaml 
@@ -0,0 +1,14 @@ +apiVersion: snapshot.storage.k8s.io/v1 +deletionPolicy: Delete +driver: syn-rook-ceph-operator.cephfs.csi.ceph.com +kind: VolumeSnapshotClass +metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: rook-cephfs-cluster + name: rook-cephfs-cluster +parameters: + clusterID: syn-rook-ceph-cluster + csi.storage.k8s.io/snapshotter-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/snapshotter-secret-namespace: syn-rook-ceph-cluster diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/30_storageclasses.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/30_storageclasses.yaml new file mode 100644 index 00000000..2dc4ad3c --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/30_storageclasses.yaml @@ -0,0 +1,24 @@ +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cephfs-fspool-cluster + name: cephfs-fspool-cluster + name: cephfs-fspool-cluster +mountOptions: [] +parameters: + clusterID: syn-rook-ceph-cluster + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: syn-rook-ceph-cluster + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: syn-rook-ceph-cluster + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: syn-rook-ceph-cluster + fsName: fspool + pool: fspool-data0 +provisioner: syn-rook-ceph-operator.cephfs.csi.ceph.com +reclaimPolicy: Delete diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/40_alertrules.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/40_alertrules.yaml new file mode 100644 index 00000000..4ee034d1 --- /dev/null 
+++ b/tests/golden/cephfs/rook-ceph/rook-ceph/40_alertrules.yaml 
@@ -0,0 +1,492 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: syn-prometheus-ceph-rules + prometheus: rook-prometheus + role: alert-rules + name: syn-prometheus-ceph-rules + namespace: syn-rook-ceph-cluster +spec: + groups: + - name: cluster health + rules: + - alert: SYN_CephHealthError + annotations: + description: The cluster state has been HEALTH_ERROR for more than 5 minutes. + Please check 'ceph health detail' for more information. + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephHealthError.html + summary: Ceph is in the ERROR state + expr: ceph_health_status == 2 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.2.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephHealthWarning + annotations: + description: The cluster state has been HEALTH_WARN for more than 15 minutes. + Please check 'ceph health detail' for more information. + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephHealthWarning.html + summary: Ceph is in the WARNING state + expr: ceph_health_status == 1 + for: 15m + labels: + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: mon + rules: + - alert: SYN_CephMonDownQuorumAtRisk + annotations: + description: '{{ $min := query "floor(count(ceph_mon_metadata) / 2) + + 1" | first | value }}Quorum requires a majority of monitors (x {{ $min + }}) to be active. Without quorum the cluster will become inoperable, + affecting all services and connected clients. 
The following monitors + are down: {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) + group_left(hostname) (ceph_mon_metadata * 0)" }} - {{ .Labels.ceph_daemon + }} on {{ .Labels.hostname }} {{- end }}' + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephMonDownQuorumAtRisk.html + summary: Monitor quorum is at risk + expr: | + ( + (ceph_health_detail{name="MON_DOWN"} == 1) * on() ( + count(ceph_mon_quorum_status == 1) == bool (floor(count(ceph_mon_metadata) / 2) + 1) + ) + ) == 1 + for: 30s + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.3.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephMonDown + annotations: + description: | + {{ $down := query "count(ceph_mon_quorum_status == 0)" | first | value }}{{ $s := "" }}{{ if gt $down 1.0 }}{{ $s = "s" }}{{ end }}You have {{ $down }} monitor{{ $s }} down. Quorum is still intact, but the loss of an additional monitor will make your cluster inoperable. The following monitors are down: {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) group_left(hostname) (ceph_mon_metadata * 0)" }} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }} + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephMonDown.html + summary: One or more monitors down + expr: | + count(ceph_mon_quorum_status == 0) <= (count(ceph_mon_metadata) - floor(count(ceph_mon_metadata) / 2) + 1) + for: 30s + labels: + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: osd + rules: + - alert: SYN_CephOSDDown + annotations: + description: | + {{ $num := query "count(ceph_osd_up == 0)" | first | value }}{{ $s := "" }}{{ if gt $num 1.0 }}{{ $s = "s" }}{{ end }}{{ $num }} OSD{{ $s }} down for over 5mins. 
The following OSD{{ $s }} {{ if eq $s "" }}is{{ else }}are{{ end }} down: {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0"}} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }} + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-down + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephOSDDown.html + summary: An OSD has been marked down + expr: ceph_health_detail{name="OSD_DOWN"} == 1 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.4.2 + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephOSDFull + annotations: + description: An OSD has reached the FULL threshold. Writes to pools that + share the affected OSD will be blocked. Use 'ceph health detail' and + 'ceph osd df' to identify the problem. To resolve, add capacity to the + affected OSD's failure domain, restore down/out OSDs, or delete unwanted + data. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-full + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephOSDFull.html + summary: OSD full, writes blocked + expr: ceph_health_detail{name="OSD_FULL"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.4.6 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephOSDFlapping + annotations: + description: OSD {{ $labels.ceph_daemon }} on {{ $labels.hostname }} was + marked down and back up {{ $value | humanize }} times once a minute + for 5 minutes. This may indicate a network issue (latency, packet loss, + MTU mismatch) on the cluster network, or the public network if no cluster + network is deployed. Check the network stats on the listed host(s). 
+ documentation: https://docs.ceph.com/en/latest/rados/troubleshooting/troubleshooting-osd#flapping-osds + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephOSDFlapping.html + summary: Network issues are causing OSDs to flap (mark each other down) + expr: (rate(ceph_osd_up[5m]) * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) + * 60 > 1 + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.4.4 + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: mds + rules: + - alert: SYN_CephFilesystemDamaged + annotations: + description: Filesystem metadata has been corrupted. Data may be inaccessible. + Analyze metrics from the MDS daemon admin socket, or escalate to support. + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephFilesystemDamaged.html + summary: CephFS filesystem is damaged. + expr: ceph_health_detail{name="MDS_DAMAGE"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.5.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephFilesystemOffline + annotations: + description: All MDS ranks are unavailable. The MDS daemons managing metadata + are down, rendering the filesystem offline. + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-all-down + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephFilesystemOffline.html + summary: CephFS filesystem is offline + expr: ceph_health_detail{name="MDS_ALL_DOWN"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.5.3 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephFilesystemDegraded + annotations: + description: One or more metadata daemons (MDS ranks) are failed or in + a damaged state. At best the filesystem is partially available, at worst + the filesystem is completely unusable. 
+ documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-degraded + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephFilesystemDegraded.html + summary: CephFS filesystem is degraded + expr: ceph_health_detail{name="FS_DEGRADED"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.5.4 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephFilesystemFailureNoStandby + annotations: + description: An MDS daemon has failed, leaving only one active rank and + no available standby. Investigate the cause of the failure or add a + standby MDS. + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-with-failed-mds + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephFilesystemFailureNoStandby.html + summary: MDS daemon failed, no further standby available + expr: ceph_health_detail{name="FS_WITH_FAILED_MDS"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.5.5 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephFilesystemReadOnly + annotations: + description: The filesystem has switched to READ ONLY due to an unexpected + error when writing to the metadata pool. Either analyze the output from + the MDS daemon admin socket, or escalate to support. + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephFilesystemReadOnly.html + summary: CephFS filesystem in read only mode due to write error(s) + expr: ceph_health_detail{name="MDS_HEALTH_READ_ONLY"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.5.2 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: mgr + rules: + - alert: SYN_CephMgrModuleCrash + annotations: + description: One or more mgr modules have crashed and have yet to be acknowledged + by an administrator. 
A crashed module may impact functionality within + the cluster. Use the 'ceph crash' command to determine which module + has failed, and archive it to acknowledge the failure. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#recent-mgr-module-crash + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephMgrModuleCrash.html + summary: A manager module has recently crashed + expr: ceph_health_detail{name="RECENT_MGR_MODULE_CRASH"} == 1 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.6.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephMgrPrometheusModuleInactive + annotations: + description: The mgr/prometheus module at {{ $labels.instance }} is unreachable. + This could mean that the module has been disabled or the mgr daemon + itself is down. Without the mgr/prometheus module metrics and alerts + will no longer function. Open a shell to an admin node or toolbox pod + and use 'ceph -s' to to determine whether the mgr is active. If the + mgr is not active, restart it, otherwise you can determine module status + with 'ceph mgr module ls'. If it is not listed as enabled, enable it + with 'ceph mgr module enable prometheus'. + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephMgrPrometheusModuleInactive.html + summary: The mgr/prometheus module is not available + expr: up{job="ceph"} == 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.6.2 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: pgs + rules: + - alert: SYN_CephPGsInactive + annotations: + description: '{{ $value }} PGs have been inactive for more than 5 minutes + in pool {{ $labels.name }}. Inactive placement groups are not able to + serve read/write requests.' 
+ runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGsInactive.html + summary: One or more placement groups are inactive + expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total + - ceph_pg_active) > 0 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.7.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephPGsDamaged + annotations: + description: During data consistency checks (scrub), at least one PG has + been flagged as being damaged or inconsistent. Check to see which PG + is affected, and attempt a manual repair if necessary. To list problematic + placement groups, use 'rados list-inconsistent-pg '. To repair + PGs use the 'ceph pg repair ' command. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-damaged + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGsDamaged.html + summary: Placement group damaged, manual intervention needed + expr: ceph_health_detail{name=~"PG_DAMAGED|OSD_SCRUB_ERRORS"} == 1 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.7.4 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephPGRecoveryAtRisk + annotations: + description: Data redundancy is at risk since one or more OSDs are at + or above the 'full' threshold. Add more capacity to the cluster, restore + down/out OSDs, or delete unwanted data. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-recovery-full + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGRecoveryAtRisk.html + summary: OSDs are too full for recovery + expr: ceph_health_detail{name="PG_RECOVERY_FULL"} == 1 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.7.5 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephPGUnavailableBlockingIO + annotations: + description: Data availability is reduced, impacting the cluster's ability + to service I/O. 
One or more placement groups (PGs) are in a state that + blocks I/O. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGUnavailableBlockingIO.html + summary: PG is unavailable, blocking I/O + expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) + == 1 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.7.3 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephPGBackfillAtRisk + annotations: + description: Data redundancy may be at risk due to lack of free space + within the cluster. One or more OSDs have reached the 'backfillfull' + threshold. Add more capacity, or delete unwanted data. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-backfill-full + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGBackfillAtRisk.html + summary: Backfill operations are blocked due to lack of free space + expr: ceph_health_detail{name="PG_BACKFILL_FULL"} == 1 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.7.6 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: nodes + rules: + - alert: SYN_CephNodeRootFilesystemFull + annotations: + description: 'Root volume is dangerously full: {{ $value | humanize }}% + free.' + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephNodeRootFilesystemFull.html + summary: Root filesystem is dangerously full + expr: node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} + * 100 < 5 + for: 5m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.8.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - alert: SYN_CephNodeNetworkBondDegraded + annotations: + description: Bond {{ $labels.master }} is degraded on Node {{ $labels.instance + }}. 
+ runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephNodeNetworkBondDegraded.html + summary: Degraded Bond on Node {{ $labels.instance }} + expr: | + node_bonding_slaves - node_bonding_active != 0 + labels: + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: pools + rules: + - alert: SYN_CephPoolFull + annotations: + description: A pool has reached its MAX quota, or OSDs supporting the + pool have reached the FULL threshold. Until this is resolved, writes + to the pool will be blocked. Pool Breakdown (top 5) {{- range query + "topk(5, sort_desc(ceph_pool_percent_used * on(pool_id) group_right + ceph_pool_metadata))" }} - {{ .Labels.name }} at {{ .Value }}% {{- end + }} Increase the pool's quota, or add capacity to the cluster first then + increase the pool's quota (e.g. ceph osd pool set quota + max_bytes ) + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pool-full + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPoolFull.html + summary: Pool is full - writes are blocked + expr: ceph_health_detail{name="POOL_FULL"} > 0 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.9.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: healthchecks + rules: + - alert: SYN_CephDaemonSlowOps + annotations: + description: '{{ $labels.ceph_daemon }} operations are taking too long + to process (complaint time exceeded)' + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephDaemonSlowOps.html + summary: '{{ $labels.ceph_daemon }} operations are slow to complete' + expr: ceph_daemon_health_metrics{type="SLOW_OPS"} > 0 + for: 30s + labels: + severity: warning + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: rados + rules: + - alert: SYN_CephObjectMissing + annotations: + description: The latest version of a RADOS object can not be found, 
even + though all OSDs are up. I/O requests for this object from clients will + block (hang). Resolving this issue may require the object to be rolled + back to a prior version manually, and manually verified. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#object-unfound + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephObjectMissing.html + summary: Object(s) marked UNFOUND + expr: (ceph_health_detail{name="OBJECT_UNFOUND"} == 1) * on() (count(ceph_osd_up + == 1) == bool count(ceph_osd_metadata)) == 1 + for: 30s + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.10.1 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: generic + rules: + - alert: SYN_CephDaemonCrash + annotations: + description: One or more daemons have crashed recently, and need to be + acknowledged. This notification ensures that software crashes do not + go unseen. To acknowledge a crash, use the 'ceph crash archive ' + command. + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#recent-crash + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephDaemonCrash.html + summary: One or more Ceph daemons have crashed, and are pending acknowledgement + expr: ceph_health_detail{name="RECENT_CRASH"} == 1 + for: 1m + labels: + oid: 1.3.6.1.4.1.50495.1.2.1.1.2 + severity: critical + syn: 'true' + syn_component: rook-ceph + type: ceph_default + - name: syn-rook-ceph-additional.rules + rules: + - alert: RookCephOperatorScaledDown + annotations: + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/RookCephOperatorScaledDown.html + summary: rook-ceph operator scaled to 0 for more than 1 hour. 
+ expr: kube_deployment_spec_replicas{deployment="rook-ceph-operator", namespace="syn-rook-ceph-operator"} + == 0 + for: 1h + labels: + severity: warning + syn: 'true' + syn_component: rook-ceph + - expr: sum(ceph_mon_num_sessions{}) + record: ceph_mon_num_sessions:sum + - expr: count(ceph_mon_quorum_status{}) + record: ceph_mon_quorum_status:count + - expr: avg(ceph_osd_apply_latency_ms{}) + record: ceph_osd_apply_latency_ms:avg + - expr: avg(ceph_osd_commit_latency_ms{}) + record: ceph_osd_commit_latency_ms:avg + - expr: sum(ceph_osd_numpg{}) + record: ceph_osd_numpg:sum + - expr: sum(rate(ceph_osd_op_r{}[5m])) + record: ceph_osd_op_r:rate5m + - expr: avg(rate(ceph_osd_op_r_latency_sum{}[5m]) / rate(ceph_osd_op_r_latency_count{}[5m]) + >= 0) + record: ceph_osd_op_r_latency:avg5m + - expr: sum(rate(ceph_osd_op_r_out_bytes{}[5m])) + record: ceph_osd_op_r_out_bytes:rate5m + - expr: sum(ceph_osd_op_r_out_bytes{}) + record: ceph_osd_op_r_out_bytes:sum + - expr: sum(rate(ceph_osd_op_w{}[5m])) + record: ceph_osd_op_w:rate5m + - expr: sum(rate(ceph_osd_op_w_in_bytes{}[5m])) + record: ceph_osd_op_w_in_bytes:rate5m + - expr: sum(ceph_osd_op_w_in_bytes{}) + record: ceph_osd_op_w_in_bytes:sum + - expr: avg(rate(ceph_osd_op_w_latency_sum{}[5m]) / rate(ceph_osd_op_w_latency_count{}[5m]) + >= 0) + record: ceph_osd_op_w_latency:avg5m + - expr: sum(ceph_pool_objects{}) + record: ceph_pool_objects:sum diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/40_csi_driver_metrics.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/40_csi_driver_metrics.yaml new file mode 100644 index 00000000..dbd292fb --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/40_csi_driver_metrics.yaml 
@@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: csi-metrics + team: rook + name: csi-metrics + namespace: syn-rook-ceph-operator +spec: + endpoints: + - interval: 5s + path: /metrics + port: csi-http-metrics + - interval: 5s + path: /metrics + port: csi-grpc-metrics + namespaceSelector: + matchNames: + - syn-rook-ceph-operator + selector: + matchLabels: + app: csi-metrics diff --git a/tests/golden/cephfs/rook-ceph/rook-ceph/99_cleanup.yaml b/tests/golden/cephfs/rook-ceph/rook-ceph/99_cleanup.yaml new file mode 100644 index 00000000..53c72777 --- /dev/null +++ b/tests/golden/cephfs/rook-ceph/rook-ceph/99_cleanup.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cleanup-alertrules + name: cleanup-alertrules + name: cleanup-alertrules + namespace: syn-rook-ceph-cluster +rules: + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - delete +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cleanup-alertrules + name: cleanup-alertrules + name: cleanup-alertrules + namespace: syn-rook-ceph-cluster +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cleanup-alertrules + name: cleanup-alertrules + name: cleanup-alertrules + namespace: syn-rook-ceph-cluster +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cleanup-alertrules +subjects: + - kind: ServiceAccount + name: cleanup-alertrules + namespace: syn-rook-ceph-cluster +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: HookSucceeded + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cleanup-alertrules + name: cleanup-alertrules + name: cleanup-alertrules + namespace: syn-rook-ceph-cluster +spec: + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app.kubernetes.io/component: rook-ceph + app.kubernetes.io/managed-by: commodore + app.kubernetes.io/name: cleanup-alertrules + name: cleanup-alertrules + spec: + containers: + - args: + - -n + - syn-rook-ceph-cluster + - delete + - --ignore-not-found + - prometheusrules.monitoring.coreos.com + - 
prometheus-ceph-v16-rules + command: + - kubectl + env: + - name: HOME + value: /home + image: docker.io/bitnami/kubectl:1.28.3@sha256:1364cda0798b2c44f327265397fbd34a32e66d80328d6e50a2d10377d7e2ff6d + imagePullPolicy: IfNotPresent + name: cleanup-alertrules + ports: [] + stdin: false + tty: false + volumeMounts: + - mountPath: /home + name: home + workingDir: /home + imagePullSecrets: [] + initContainers: [] + restartPolicy: OnFailure + serviceAccountName: cleanup-alertrules + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: home diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml index 41c5cc15..4c233042 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-osd @@ -18,7 +18,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-mgr @@ -31,7 +31,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-cmd-reporter 
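Review bot: The `cleanup-alertrules` Role in 99_cleanup.yaml allows `delete` on every `prometheusrules` object in `syn-rook-ceph-cluster`, while the Job's arguments only ever delete `prometheus-ceph-v16-rules`. Adding `resourceNames: [prometheus-ceph-v16-rules]` to that rule would keep the service account from being able to remove `syn-prometheus-ceph-rules`, the Ceph alerting rules that live in the same namespace. The rendered container also carries no `securityContext`, so I would set `allowPrivilegeEscalation: false` and drop all capabilities there as well. This is golden output, so both changes presumably belong in the component source that generates it (not visible here), with the golden file regenerated afterwards.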
@@ -50,7 +50,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-rgw @@ -180,6 +180,7 @@ rules: - cephfilesystemmirrors - cephfilesystemsubvolumegroups - cephblockpoolradosnamespaces + - cephcosidrivers verbs: - get - list diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml index 0207d92c..dd670bb9 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -33,6 +33,23 @@ rules: - get - delete - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - get + - update + - delete + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -41,7 +58,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-cluster-mgmt 
@@ -74,7 +91,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-global @@ -147,6 +164,7 @@ rules: - cephfilesystemmirrors - cephfilesystemsubvolumegroups - cephblockpoolradosnamespaces + - cephcosidrivers verbs: - get - list @@ -261,7 +279,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-mgr-cluster @@ -317,7 +335,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-object-bucket @@ -518,7 +536,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rbd-csi-nodeplugin 
@@ -724,3 +742,52 @@ rules: - get - list - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role +rules: + - apiGroups: + - objectstorage.k8s.io + resources: + - buckets + - bucketaccesses + - bucketclaims + - bucketaccessclasses + - buckets/status + - bucketaccesses/status + - bucketclaims/status + - bucketaccessclasses/status + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - '' + resources: + - secrets + - events + verbs: + - get + - delete + - update + - create diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml index 4af00476..b55dd722 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -25,7 +25,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-global 
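Review bot: The new `objectstorage-provisioner-role` ClusterRole in clusterrole.yaml (hunk `@@ -724,3 +742,52 @@`) grants `get`, `delete`, `update` and `create` on core `secrets` cluster-wide, and the `@@ -102,3 +102,20 @@` hunk of clusterrolebinding.yaml binds it to the `objectstorage-provisioner` ServiceAccount in `syn-rook-ceph-operator`. It arrives as a side effect of the chart bump to v1.12.7 rather than through anything the component configures, so it is easy to miss in review. No ServiceAccount of that name is visible in this part of the diff; if the component does not deploy the COSI driver, the binding remains a standing cluster-wide secrets grant for any workload later run under that name. I would either filter both objects out in post-processing when COSI is unused, or call out the new grant in the upgrade notes so operators can audit it.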
@@ -102,3 +102,20 @@ subjects: - kind: ServiceAccount name: rook-csi-rbd-provisioner-sa namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: objectstorage-provisioner-role +subjects: + - kind: ServiceAccount + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml index 142ee3fb..05ce7905 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml @@ -226,7 +226,7 @@ data: cpu: 100m ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false' ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15' - ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.5.0 + ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.7.0 ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.9.0 ROOK_CSI_ENABLE_CEPHFS: 'false' ROOK_CSI_ENABLE_GRPC_METRICS: 'true' @@ -234,6 +234,7 @@ data: ROOK_CSI_ENABLE_RBD: 'true' ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent ROOK_DISABLE_ADMISSION_CONTROLLER: 'true' + ROOK_ENABLE_DISCOVERY_DAEMON: 'false' ROOK_LOG_LEVEL: INFO ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true' kind: ConfigMap diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml index 234d4848..bc323731 100644 
--- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-operator @@ -20,7 +20,7 @@ spec: metadata: labels: app: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 spec: containers: - args: @@ -33,10 +33,8 @@ spec: value: 'false' - name: ROOK_DISABLE_DEVICE_HOTPLUG value: 'false' - - name: DISCOVER_DAEMON_UDEV_BLACKLIST - value: '' - - name: ROOK_ENABLE_DISCOVERY_DAEMON - value: 'false' + - name: ROOK_DISCOVER_DEVICES_INTERVAL + value: 60m - name: NODE_NAME valueFrom: fieldRef: @@ -49,7 +47,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/rook/ceph:v1.11.11 + image: docker.io/rook/ceph:v1.12.7 imagePullPolicy: IfNotPresent name: rook-ceph-operator ports: diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml index 0a39b34c..65c3cca7 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml @@ -1095,6 +1095,13 @@ spec: maximum: 65535 minimum: 0 type: integer + prometheusEndpoint: + description: Endpoint for the Prometheus host + type: string + prometheusEndpointSSLVerify: + description: Whether to verify the ssl endpoint for prometheus. + Set to false for a self-signed cert. + type: boolean ssl: description: SSL determines whether SSL should be used type: boolean 
@@ -1240,8 +1247,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -1275,7 +1281,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1408,8 +1417,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -1443,7 +1451,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1579,8 +1590,8 @@ spec: on the same node (not recommended) type: boolean count: - description: Count is the number of manager to run - maximum: 2 + description: Count is the number of manager daemons to run + maximum: 5 minimum: 0 type: integer modules: @@ -1614,6 +1625,8 @@ spec: maximum: 9 minimum: 0 type: integer + failureDomainLabel: + type: string stretchCluster: description: StretchCluster is the stretch cluster specification properties: 
@@ -1628,12 +1641,12 @@ spec: zones: description: Zones is the list of zones items: - description: StretchClusterZoneSpec represents the specification - of a stretched zone in a Ceph Cluster + description: MonZoneSpec represents the specification + of a zone in a Ceph Cluster properties: arbiter: description: Arbiter determines if the zone contains - the arbiter + the arbiter used for stretch cluster mode type: boolean name: description: Name is the name of the zone @@ -1852,7 +1865,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -1936,6 +1950,62 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with ClaimResourceStatus + for a resource that it does not recognizes, + then it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either:\ + \ * Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must\ + \ use implementation-defined prefixed names\ + \ such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane.\ + \ - ControllerResizeFailed: State set when\ + \ resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing\ + \ of volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing\ + \ the volume. - NodeResizeFailed: State\ + \ set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors\ + \ don't set NodeResizeFailed. 
For example:\ + \ if expanding a PVC for more capacity -\ + \ this field can be one of the following\ + \ states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field\ + \ is not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A\ + \ controller that receives PVC update with\ + \ previously unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing\ + \ capacity of the volume, should ignore\ + \ PVC updates that change other valid resources\ + \ associated with PVC. \n This is an alpha\ + \ field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -1943,22 +2013,40 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may - be larger than the actual capacity when - a volume expansion operation is requested. - For storage quota, the larger value from - allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, - PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity - request is lowered, allocatedResources is - only lowered if there are no expansion operations - in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including\ + \ its capacity. Key names follow standard\ + \ Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom\ + \ resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. \n Capacity reported here\ + \ may be larger than the actual capacity\ + \ when a volume expansion operation is requested.\ + \ For storage quota, the larger value from\ + \ allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not\ + \ set, PVC.spec.resources alone is used\ + \ for quota calculation. 
If a volume expansion\ + \ capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion\ + \ operations in progress and if the actual\ + \ volume capacity is equal or lower than\ + \ the requested capacity. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName should ignore the\ + \ update for the purpose it was designed.\ + \ For example - a controller that only is\ + \ responsible for resizing capacity of the\ + \ volume, should ignore PVC updates that\ + \ change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -1977,7 +2065,7 @@ spec: the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -2018,15 +2106,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of - resize operation. ResizeStatus is not set - by default but when expansion is complete - resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -2223,7 +2302,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -2298,6 +2378,54 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax. Valid\ + \ values are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom resources\ + \ must use implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart from\ + \ above values - keys that are unprefixed or have\ + \ kubernetes.io prefix are considered reserved and\ + \ hence may not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set when\ + \ kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet with\ + \ a terminal error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not set,\ + \ it means that no resize operation is in progress\ + \ for the given PVC. \n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example - a\ + \ controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -2305,19 +2433,33 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if - there are no expansion operations in progress and - if the actual volume capacity is equal or lower than - the requested capacity. This is an alpha field and - requires enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key names\ + \ follow standard Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage - the\ + \ capacity of the volume. * Custom resources must\ + \ use implementation-defined prefixed names such as\ + \ \"example.com/my-custom-resource\" Apart from above\ + \ values - keys that are unprefixed or have kubernetes.io\ + \ prefix are considered reserved and hence may not\ + \ be used. \n Capacity reported here may be larger\ + \ than the actual capacity when a volume expansion\ + \ operation is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set, PVC.spec.resources\ + \ alone is used for quota calculation. If a volume\ + \ expansion capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. 
\n A\ + \ controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update for\ + \ the purpose it was designed. For example - a controller\ + \ that only is responsible for resizing capacity of\ + \ the volume, should ignore PVC updates that change\ + \ other valid resources associated with PVC. \n This\ + \ is an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -2335,7 +2477,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: 
@@ -2373,17 +2515,465 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by - resize controller or kubelet. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object x-kubernetes-preserve-unknown-fields: true + zones: + description: Zones are specified when we want to provide zonal + awareness to mons + items: + description: MonZoneSpec represents the specification of a + zone in a Ceph Cluster + properties: + arbiter: + description: Arbiter determines if the zone contains the + arbiter used for stretch cluster mode + type: boolean + name: + description: Name is the name of the zone + type: string + volumeClaimTemplate: + description: VolumeClaimTemplate is the PVC template + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. \n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, then + it should ignore that update and let other + controllers handle it. 
+ type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the given\ + \ PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize\ + \ controller with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing of\ + \ volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. 
\n A controller\ + \ that receives PVC update with previously unknown\ + \ resourceName or ClaimResourceStatus should\ + \ ignore the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity.\ + \ Key names follow standard Kubernetes label\ + \ syntax. Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update with\ + \ previously unknown resourceName should ignore\ + \ the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's + last transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. 
+ type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array type: object monitoring: description: Prometheus based Monitoring settings @@ -2405,12 +2995,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be loopback - (127.0.0.0/8), link-local (169.254.0.0/16), or link-local - multicast ((224.0.0.0/24). IPv6 is also accepted but - not fully supported on all platforms. Also, certain - kubernetes components, like kube-proxy, are not IPv6 - ready. TODO: This should allow hostname or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or + fe80::/10), or link-local multicast (224.0.0.0/24 or + ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. This 
@@ -2486,6 +3074,38 @@ spec: description: Network related configuration nullable: true properties: + addressRanges: + description: AddressRanges specify a list of CIDRs that Rook + will apply to Ceph's 'public_network' and/or 'cluster_network' + configurations. This config section may be used for the "host" + or "multus" network providers. + nullable: true + properties: + cluster: + description: Cluster defines a list of CIDRs to use for + Ceph cluster network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + public: + description: Public defines a list of CIDRs to use for Ceph + public network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + type: object connections: description: Settings for network connections such as compression and encryption across the wire. 
@@ -2556,15 +3176,37 @@ spec: provider: description: Provider is what provides network connectivity to the cluster e.g. "host" or "multus" + enum: + - '' + - host + - multus nullable: true type: string selectors: additionalProperties: type: string - description: Selectors string values describe what networks - will be used to connect the cluster. Meanwhile the keys describe - each network respective responsibilities or any metadata storage - provider decide. + description: "Selectors define NetworkAttachmentDefinitions\ + \ to be used for Ceph public and/or cluster networks when\ + \ the \"multus\" network provider is used. This config section\ + \ is not used for other network providers. \n Valid keys are\ + \ \"public\" and \"cluster\". Refer to Ceph networking documentation\ + \ for more: https://docs.ceph.com/en/reef/rados/configuration/network-config-ref/\ + \ \n Refer to Multus network annotation documentation for\ + \ help selecting values: https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\ + \ \n Rook will make a best-effort attempt to automatically\ + \ detect CIDR address ranges for given network attachment\ + \ definitions. Rook's methods are robust but may be imprecise\ + \ for sufficiently complicated networks. Rook's auto-detection\ + \ process obtains a new IP address lease for each CephCluster\ + \ reconcile. If Rook fails to detect, incorrectly detects,\ + \ only partially detects, or if underlying networks do not\ + \ support reusing old IP addresses, it is best to use the\ + \ 'addressRanges' config section to specify CIDR ranges for\ + \ the Ceph cluster. \n As a contrived example, one can use\ + \ a theoretical Kubernetes-wide network for Ceph client traffic\ + \ and a theoretical Rook-only network for Ceph replication\ + \ traffic as shown: selectors: public: \"default/cluster-fast-net\"\ + \ cluster: \"rook-ceph/ceph-backend-net\"" nullable: true type: object type: object 
@@ -3537,15 +4179,20 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be\ + \ calculated. The keys are used to lookup values from\ + \ the incoming pod labels, those key-value labels\ + \ are ANDed with labelSelector to select the group\ + \ of existing pods over which spreading will be calculated\ + \ for the incoming pod. The same key is forbidden\ + \ to exist in both MatchLabelKeys and LabelSelector.\ + \ MatchLabelKeys cannot be set when LabelSelector\ + \ isn't set. Keys that don't exist in the incoming\ + \ pod labels will be ignored. A null or empty list\ + \ means only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -3729,7 +4376,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object description: Resources set resource requests and limits 
@@ -3815,6 +4463,18 @@ spec: nullable: true type: array x-kubernetes-preserve-unknown-fields: true + flappingRestartIntervalHours: + description: FlappingRestartIntervalHours defines the time for + which the OSD pods, that failed with zero exit code, will + sleep before restarting. This is needed for OSD flapping where + OSD daemons are marked down more than 5 times in 600 seconds + by Ceph. Preventing the OSD pods to restart immediately in + such scenarios will prevent Rook from marking OSD as `up` + and thus peering of the PGs mapped to the OSD. User needs + to manually restart the OSD pod if they manage to fix the + underlying OSD flapping issue before the restart interval. + The sleep will be disabled if this interval is set to 0. + type: integer nodes: items: description: Node is a storage nodes @@ -3905,7 +4565,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -4126,7 +4787,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -4210,6 +4872,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -4217,21 +4933,38 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume - expansion operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual volume - capacity is equal or lower than the requested - capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -4250,7 +4983,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -4291,14 +5024,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default - but when expansion is complete resizeStatus - is set to empty string by resize controller - or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: array 
@@ -5401,16 +6126,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -6625,16 +7356,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -6823,7 +7560,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -7053,7 +7791,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -7137,6 +7876,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -7144,21 +7937,38 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume - expansion operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual volume - capacity is equal or lower than the requested - capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -7177,7 +7987,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -7218,14 +8028,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default - but when expansion is complete resizeStatus - is set to empty string by resize controller - or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: array 
@@ -7236,6 +8038,24 @@ spec: type: object nullable: true type: array + store: + description: OSDStore is the backend storage type used for creating + the OSDs + properties: + type: + description: Type of backend storage to be used while creating + OSDs. If empty, then bluestore will be used + enum: + - bluestore + - bluestore-rdr + type: string + updateStore: + description: UpdateStore updates the backend store for existing + OSDs. It destroys each OSD one at a time, cleans up the + backing disk and prepares same OSD on that disk + pattern: ^$|^yes-really-update-store$ + type: string + type: object useAllDevices: description: Whether to consume all the storage devices found on a machine @@ -7439,8 +8259,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -7518,6 +8338,54 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set\ + \ when kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors don't\ + \ set NodeResizeFailed. 
For example: if expanding\ + \ a PVC for more capacity - this field can be one\ + \ of the following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not\ + \ set, it means that no resize operation is in progress\ + \ for the given PVC. \n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -7525,20 +8393,34 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation. If a volume expansion capacity - request is lowered, allocatedResources is only lowered - if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n Capacity reported\ + \ here may be larger than the actual capacity when\ + \ a volume expansion operation is requested. For\ + \ storage quota, the larger value from allocatedResources\ + \ and PVC.spec.resources is used. If allocatedResources\ + \ is not set, PVC.spec.resources alone is used for\ + \ quota calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is only\ + \ lowered if there are no expansion operations in\ + \ progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. \n\ + \ A controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update\ + \ for the purpose it was designed. For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: @@ -7556,7 +8438,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -7597,14 +8479,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array 
@@ -7653,136 +8527,1330 @@ spec: properties: message: type: string - severity: + severity: + type: string + required: + - message + - severity + type: object + type: object + fsid: + type: string + health: + type: string + lastChanged: + type: string + lastChecked: + type: string + previousHealth: + type: string + versions: + description: CephDaemonsVersions show the current ceph version + for different ceph daemons + properties: + cephfs-mirror: + additionalProperties: + type: integer + description: CephFSMirror shows CephFSMirror Ceph version + type: object + mds: + additionalProperties: + type: integer + description: Mds shows Mds Ceph version + type: object + mgr: + additionalProperties: + type: integer + description: Mgr shows Mgr Ceph version + type: object + mon: + additionalProperties: + type: integer + description: Mon shows Mon Ceph version + type: object + osd: + additionalProperties: + type: integer + description: Osd shows Osd Ceph version + type: object + overall: + additionalProperties: + type: integer + description: Overall shows overall Ceph version + type: object + rbd-mirror: + additionalProperties: + type: integer + description: RbdMirror shows RbdMirror Ceph version + type: object + rgw: + additionalProperties: + type: integer + description: Rgw shows Rgw Ceph version + type: object + type: object + type: object + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + message: + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + state: + description: ClusterState represents the state of a Ceph Cluster + type: string + storage: + description: CephStorage represents flavors of Ceph Cluster Storage + properties: + deviceClasses: + items: + description: DeviceClasses represents device classes of a + Ceph Cluster + properties: + name: + type: string + type: object + type: array + osd: + description: OSDStatus represents OSD status of the ceph Cluster + properties: + storeType: + additionalProperties: + type: integer + description: StoreType is a mapping between the OSD backend + stores and number of OSDs using these stores + type: object + type: object + type: object + version: + description: ClusterVersion represents the version of a Ceph Cluster + properties: + image: + type: string + version: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephcosidrivers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCOSIDriver + listKind: CephCOSIDriverList + plural: cephcosidrivers + shortNames: + - cephcosi + singular: cephcosidriver + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephCOSIDriver represents the CRD for the Ceph COSI Driver + Deployment + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph COSI Driver + properties: + deploymentStrategy: + description: DeploymentStrategy is the strategy to use to deploy + the COSI driver. + enum: + - Never + - Auto + - Always + type: string + image: + description: Image is the container image to run the Ceph COSI driver + type: string + objectProvisionerImage: + description: ObjectProvisionerImage is the container image to run + the COSI driver sidecar + type: string + placement: + description: Placement is the placement strategy to use for the + COSI driver + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). 
+ A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. Default value is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of\ + \ eligible domains. When the number of eligible domains\ + \ with matching topology keys is less than minDomains,\ + \ Pod Topology Spread treats \"global minimum\" as 0,\ + \ and then the calculation of Skew is performed. And\ + \ when the number of eligible domains with matching\ + \ topology keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result, when\ + \ the number of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew Pods to\ + \ those domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set to\ + \ 5 and pods with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P | P P \ + \ | The number of domains is less than 5(MinDomains),\ + \ so \"global minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be scheduled,\ + \ because computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires the\ + \ MinDomainsInPodTopologySpread feature gate to be enabled\ + \ (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor: only\ + \ nodes matching nodeAffinity/nodeSelector are included\ + \ in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat\ + \ node taints when calculating pod topology spread skew.\ + \ Options are: - Honor: nodes without taints, along\ + \ with tainted nodes for which the incoming pod has\ + \ a toleration, are included. - Ignore: node taints\ + \ are ignored. All nodes are included. \n If this value\ + \ is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' type: string required: - - message - - severity + - maxSkew + - topologyKey + - whenUnsatisfiable type: object - type: object - fsid: - type: string - health: - type: string - lastChanged: - type: string - lastChecked: - type: string - previousHealth: - type: string - versions: - description: CephDaemonsVersions show the current ceph version - for different ceph daemons - properties: - cephfs-mirror: - additionalProperties: - type: integer - description: CephFSMirror shows CephFSMirror Ceph version - type: object - mds: - additionalProperties: - type: integer - description: Mds shows Mds Ceph version - type: object - mgr: - additionalProperties: - type: integer - description: Mgr shows Mgr Ceph version - type: object - mon: - additionalProperties: - type: integer - description: Mon shows Mon Ceph version - type: object - osd: - additionalProperties: - type: integer - description: Osd shows Osd Ceph version - type: object - overall: - additionalProperties: - type: integer - description: Overall shows overall Ceph version - type: object - rbd-mirror: - additionalProperties: - type: integer - description: RbdMirror shows RbdMirror Ceph version - type: object - rgw: - additionalProperties: - type: integer - description: Rgw shows Rgw Ceph version - type: object - type: object + type: array type: object - conditions: - items: - description: Condition represents a status condition on any Rook-Ceph - Custom Resource. 
- properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is a reason for a condition - type: string - status: - type: string - type: - description: ConditionType represent a resource's status - type: string - type: object - type: array - message: - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: ConditionType represent a resource's status - type: string - state: - description: ClusterState represents the state of a Ceph Cluster - type: string - storage: - description: CephStorage represents flavors of Ceph Cluster Storage + resources: + description: Resources is the resource requirements for the COSI + driver properties: - deviceClasses: + claims: + description: "Claims lists the names of resources, defined in\ + \ spec.resourceClaims, that are used by this container. \n\ + \ This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only be\ + \ set for containers." items: - description: DeviceClasses represents device classes of a - Ceph Cluster + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. 
type: string + required: + - name type: object type: array - type: object - version: - description: ClusterVersion represents the version of a Ceph Cluster - properties: - image: - type: string - version: - type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object type: object type: object - x-kubernetes-preserve-unknown-fields: true required: - metadata - spec type: object served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -8782,14 +10850,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -8956,7 +11029,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object 
@@ -9533,8 +11607,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -9567,7 +11640,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -10642,15 +12717,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array 
@@ -10824,8 +12905,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -10867,8 +12948,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -10901,7 +12981,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -11564,7 +13646,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -12112,7 +14194,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -12700,7 +14782,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -13242,7 +15324,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object sssdConfigFile: @@ -13378,7 +15461,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -14859,15 +16942,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array @@ -15042,8 +17131,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -15230,6 +17319,17 @@ spec: spec: description: ObjectStoreSpec represent the spec of a pool properties: + allowUsersInNamespaces: + description: The list of allowed namespaces in addition to the object + store namespace where ceph object store users may be created. + Specify "*" to allow all namespaces, otherwise list individual + namespaces that are to be allowed. This is useful for applications + that need object store credentials to be created in their own + namespace, where neither OBCs nor COSI is being used to create + buckets. The default is empty. + items: + type: string + type: array dataPool: description: The data pool settings nullable: true @@ -15453,6 +17553,14 @@ spec: nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true + disableMultisiteSyncTraffic: + description: 'DisableMultisiteSyncTraffic, when true, prevents + this object store''s gateways from transmitting multisite + replication data. Note that this value does not affect whether + gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints + for that. If false or unset, this object store''s gateways + will be able to transmit multisite replication data.' + type: boolean externalRgwEndpoints: description: ExternalRgwEndpoints points to external RGW endpoint(s). Multiple endpoints can be given, but for stability of ObjectBucketClaims, 
@@ -16481,15 +18589,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array @@ -16668,8 +18782,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -16740,8 +18854,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -16774,7 +18887,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -16904,8 +19019,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -16938,7 +19052,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -17560,6 +19676,10 @@ spec: - read, write type: string type: object + clusterNamespace: + description: The namespace where the parent CephCluster and CephObjectStore + are found + type: string displayName: description: The display name for the ceph users type: string 
@@ -17757,14 +19877,17 @@ spec: description: ObjectZoneSpec represent the spec of an ObjectZone properties: customEndpoints: - description: 'If this zone cannot be accessed from other peer Ceph - clusters via the ClusterIP Service endpoint created by Rook, you - must set this to the externally reachable endpoint(s). You may - include the port in the definition. For example: "https://my-object-store.my-domain.net:443". - In many cases, you should set this to the endpoint of the ingress - resource that makes the CephObjectStore associated with this CephObjectStoreZone - reachable to peer clusters. The list can have one or more endpoints - pointing to different RGW servers in the zone.' + description: "If this zone cannot be accessed from other peer Ceph\ + \ clusters via the ClusterIP Service endpoint created by Rook,\ + \ you must set this to the externally reachable endpoint(s). You\ + \ may include the port in the definition. For example: \"https://my-object-store.my-domain.net:443\"\ + . In many cases, you should set this to the endpoint of the ingress\ + \ resource that makes the CephObjectStore associated with this\ + \ CephObjectStoreZone reachable to peer clusters. The list can\ + \ have one or more endpoints pointing to different RGW servers\ + \ in the zone. \n If a CephObjectStore endpoint is omitted from\ + \ this list, that object store's gateways will not receive multisite\ + \ replication data (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." items: type: string nullable: true 
@@ -19242,14 +21365,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -19417,7 +21545,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml index f7ecc6e2..21673cbc 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml index 416b3557..b9852c1e 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml index 86a31d71..04905a6c 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml 
@@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -34,3 +34,13 @@ kind: ServiceAccount metadata: name: rook-csi-rbd-provisioner-sa namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml index 8e3250ad..fb1cb7b6 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml @@ -109,10 +109,13 @@ spec: secretKeyRef: key: ceph-username name: rook-ceph-mon - image: docker.io/rook/ceph:v1.11.11 + image: docker.io/rook/ceph:v1.12.7 imagePullPolicy: IfNotPresent name: rook-ceph-tools securityContext: + capabilities: + drop: + - ALL runAsGroup: 2016 runAsNonRoot: true runAsUser: 2016 diff --git a/tests/golden/defaults/rook-ceph/rook-ceph/40_alertrules.yaml b/tests/golden/defaults/rook-ceph/rook-ceph/40_alertrules.yaml index bfb23f1c..4ee034d1 100644 --- a/tests/golden/defaults/rook-ceph/rook-ceph/40_alertrules.yaml +++ b/tests/golden/defaults/rook-ceph/rook-ceph/40_alertrules.yaml 
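Review bot: The `rook-ceph-tools` container's `securityContext` in 10_cephcluster_toolbox.yaml now drops all capabilities, but this hunk shows no `allowPrivilegeEscalation: false` beside it; the rendered keys appear to be sorted, so it would sit directly above `capabilities:` if it were set. The container reads the Ceph username from the `rook-ceph-mon` secret, so it is worth holding it to the full restricted profile by adding `allowPrivilegeEscalation: false` where the component builds the toolbox manifest. The container spec continues outside the hunk, so whether a `seccompProfile` is set cannot be judged from here.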
@@ -306,13 +306,13 @@ spec: syn: 'true' syn_component: rook-ceph type: ceph_default - - alert: SYN_CephPGUnavilableBlockingIO + - alert: SYN_CephPGUnavailableBlockingIO annotations: description: Data availability is reduced, impacting the cluster's ability to service I/O. One or more placement groups (PGs) are in a state that blocks I/O. documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability - runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGUnavilableBlockingIO.html + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGUnavailableBlockingIO.html summary: PG is unavailable, blocking I/O expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) == 1 diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml index 41c5cc15..4c233042 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/cluster-rbac.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-osd @@ -18,7 +18,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-mgr 
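Review bot: Correcting the alert name to `SYN_CephPGUnavailableBlockingIO` changes the `alertname` label, so any Alertmanager silence, route or inhibit rule that still matches `SYN_CephPGUnavilableBlockingIO` stops applying once this rolls out. The `runbook_url` changes with it, and the diff lines shown here do not establish that the runbook page was renamed to `CephPGUnavailableBlockingIO.html`, so confirm the link resolves. I would record the rename in the release notes as a change operators need to act on.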
@@ -31,7 +31,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-cmd-reporter @@ -50,7 +50,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-rgw @@ -180,6 +180,7 @@ rules: - cephfilesystemmirrors - cephfilesystemsubvolumegroups - cephblockpoolradosnamespaces + - cephcosidrivers verbs: - get - list diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml index 0207d92c..dd670bb9 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -33,6 +33,23 @@ rules: - get - delete - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - get + - update + - delete + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -41,7 +58,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-cluster-mgmt @@ -74,7 +91,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-global @@ -147,6 +164,7 @@ rules: - cephfilesystemmirrors - cephfilesystemsubvolumegroups - cephblockpoolradosnamespaces + - cephcosidrivers verbs: - get - list @@ -261,7 +279,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-mgr-cluster @@ -317,7 +335,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-object-bucket @@ -518,7 +536,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rbd-csi-nodeplugin 
@@ -724,3 +742,52 @@ rules: - get - list - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role +rules: + - apiGroups: + - objectstorage.k8s.io + resources: + - buckets + - bucketaccesses + - bucketclaims + - bucketaccessclasses + - buckets/status + - bucketaccesses/status + - bucketclaims/status + - bucketaccessclasses/status + verbs: + - get + - list + - watch + - update + - create + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - '' + resources: + - secrets + - events + verbs: + - get + - delete + - update + - create diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml index 4af00476..b55dd722 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/clusterrolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -25,7 +25,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-global 
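Review bot: The added `objectstorage-provisioner-role` ClusterRole gives `get`, `delete`, `update` and `create` on core `secrets` in every namespace, and the `objectstorage-provisioner-role-binding` hunk in clusterrolebinding.yaml binds it to the `objectstorage-provisioner` ServiceAccount in `syn-rook-ceph-operator`. That is a broad grant for a driver this diff does not show being deployed, so a compromise of that ServiceAccount's token would expose secrets cluster-wide. If the component does not use COSI, I would filter these objects (and the ServiceAccount added in serviceaccount.yaml) out of the rendered chart; otherwise document in the component docs why the grant is accepted and audit secret access by this ServiceAccount.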
@@ -102,3 +102,20 @@ subjects: - kind: ServiceAccount name: rook-csi-rbd-provisioner-sa namespace: syn-rook-ceph-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: objectstorage-provisioner-role +subjects: + - kind: ServiceAccount + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml index 142ee3fb..05ce7905 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/configmap.yaml @@ -226,7 +226,7 @@ data: cpu: 100m ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false' ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15' - ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.5.0 + ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.7.0 ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.9.0 ROOK_CSI_ENABLE_CEPHFS: 'false' ROOK_CSI_ENABLE_GRPC_METRICS: 'true' @@ -234,6 +234,7 @@ data: ROOK_CSI_ENABLE_RBD: 'true' ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent ROOK_DISABLE_ADMISSION_CONTROLLER: 'true' + ROOK_ENABLE_DISCOVERY_DAEMON: 'false' ROOK_LOG_LEVEL: INFO ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true' kind: ConfigMap diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml index a0ecc198..5882b5fb 100644 
--- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-operator @@ -20,7 +20,7 @@ spec: metadata: labels: app: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 spec: containers: - args: @@ -33,10 +33,8 @@ spec: value: 'true' - name: ROOK_DISABLE_DEVICE_HOTPLUG value: 'false' - - name: DISCOVER_DAEMON_UDEV_BLACKLIST - value: '' - - name: ROOK_ENABLE_DISCOVERY_DAEMON - value: 'false' + - name: ROOK_DISCOVER_DEVICES_INTERVAL + value: 60m - name: NODE_NAME valueFrom: fieldRef: @@ -49,7 +47,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/rook/ceph:v1.11.11 + image: docker.io/rook/ceph:v1.12.7 imagePullPolicy: IfNotPresent name: rook-ceph-operator ports: diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml index 0a39b34c..65c3cca7 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/resources.yaml 
@@ -1095,6 +1095,13 @@ spec: maximum: 65535 minimum: 0 type: integer + prometheusEndpoint: + description: Endpoint for the Prometheus host + type: string + prometheusEndpointSSLVerify: + description: Whether to verify the ssl endpoint for prometheus. + Set to false for a self-signed cert. + type: boolean ssl: description: SSL determines whether SSL should be used type: boolean @@ -1240,8 +1247,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -1275,7 +1281,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1408,8 +1417,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a - GRPC port. This is a beta field and requires enabling - GRPCContainerProbe feature gate. + GRPC port. properties: port: description: Port number of the gRPC service. @@ -1443,7 +1451,10 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. type: string value: description: The header field value @@ -1579,8 +1590,8 @@ spec: on the same node (not recommended) type: boolean count: - description: Count is the number of manager to run - maximum: 2 + description: Count is the number of manager daemons to run + maximum: 5 minimum: 0 type: integer modules: @@ -1614,6 +1625,8 @@ spec: maximum: 9 minimum: 0 type: integer + failureDomainLabel: + type: string stretchCluster: description: StretchCluster is the stretch cluster specification properties: 
@@ -1628,12 +1641,12 @@ spec: zones: description: Zones is the list of zones items: - description: StretchClusterZoneSpec represents the specification - of a stretched zone in a Ceph Cluster + description: MonZoneSpec represents the specification + of a zone in a Ceph Cluster properties: arbiter: description: Arbiter determines if the zone contains - the arbiter + the arbiter used for stretch cluster mode type: boolean name: description: Name is the name of the zone @@ -1852,7 +1865,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -1936,6 +1950,62 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives + persistentvolume claim update with ClaimResourceStatus + for a resource that it does not recognizes, + then it should ignore that update and + let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either:\ + \ * Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must\ + \ use implementation-defined prefixed names\ + \ such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane.\ + \ - ControllerResizeFailed: State set when\ + \ resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing\ + \ of volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing\ + \ the volume. - NodeResizeFailed: State\ + \ set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors\ + \ don't set NodeResizeFailed. 
For example:\ + \ if expanding a PVC for more capacity -\ + \ this field can be one of the following\ + \ states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field\ + \ is not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A\ + \ controller that receives PVC update with\ + \ previously unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing\ + \ capacity of the volume, should ignore\ + \ PVC updates that change other valid resources\ + \ associated with PVC. \n This is an alpha\ + \ field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -1943,22 +2013,40 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may - be larger than the actual capacity when - a volume expansion operation is requested. - For storage quota, the larger value from - allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, - PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity - request is lowered, allocatedResources is - only lowered if there are no expansion operations - in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including\ + \ its capacity. Key names follow standard\ + \ Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom\ + \ resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are\ + \ unprefixed or have kubernetes.io prefix\ + \ are considered reserved and hence may\ + \ not be used. \n Capacity reported here\ + \ may be larger than the actual capacity\ + \ when a volume expansion operation is requested.\ + \ For storage quota, the larger value from\ + \ allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not\ + \ set, PVC.spec.resources alone is used\ + \ for quota calculation. 
If a volume expansion\ + \ capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion\ + \ operations in progress and if the actual\ + \ volume capacity is equal or lower than\ + \ the requested capacity. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName should ignore the\ + \ update for the purpose it was designed.\ + \ For example - a controller that only is\ + \ responsible for resizing capacity of the\ + \ volume, should ignore PVC updates that\ + \ change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -1977,7 +2065,7 @@ spec: the Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -2018,15 +2106,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of - resize operation. ResizeStatus is not set - by default but when expansion is complete - resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -2223,7 +2302,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -2298,6 +2378,54 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax. Valid\ + \ values are either: * Un-prefixed keys: - storage\ + \ - the capacity of the volume. * Custom resources\ + \ must use implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart from\ + \ above values - keys that are unprefixed or have\ + \ kubernetes.io prefix are considered reserved and\ + \ hence may not be used. \n ClaimResourceStatus can\ + \ be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set when\ + \ kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet with\ + \ a terminal error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not set,\ + \ it means that no resize operation is in progress\ + \ for the given PVC. \n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example - a\ + \ controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -2305,19 +2433,33 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if - there are no expansion operations in progress and - if the actual volume capacity is equal or lower than - the requested capacity. This is an alpha field and - requires enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key names\ + \ follow standard Kubernetes label syntax. Valid values\ + \ are either: * Un-prefixed keys: - storage - the\ + \ capacity of the volume. * Custom resources must\ + \ use implementation-defined prefixed names such as\ + \ \"example.com/my-custom-resource\" Apart from above\ + \ values - keys that are unprefixed or have kubernetes.io\ + \ prefix are considered reserved and hence may not\ + \ be used. \n Capacity reported here may be larger\ + \ than the actual capacity when a volume expansion\ + \ operation is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set, PVC.spec.resources\ + \ alone is used for quota calculation. If a volume\ + \ expansion capacity request is lowered, allocatedResources\ + \ is only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. 
\n A\ + \ controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update for\ + \ the purpose it was designed. For example - a controller\ + \ that only is responsible for resizing capacity of\ + \ the volume, should ignore PVC updates that change\ + \ other valid resources associated with PVC. \n This\ + \ is an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -2335,7 +2477,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: 
@@ -2373,17 +2515,465 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by - resize controller or kubelet. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object x-kubernetes-preserve-unknown-fields: true + zones: + description: Zones are specified when we want to provide zonal + awareness to mons + items: + description: MonZoneSpec represents the specification of a + zone in a Ceph Cluster + properties: + arbiter: + description: Arbiter determines if the zone contains the + arbiter used for stretch cluster mode + type: boolean + name: + description: Name is the name of the zone + type: string + volumeClaimTemplate: + description: VolumeClaimTemplate is the PVC template + properties: + apiVersion: + description: 'APIVersion defines the versioned schema + of this representation of an object. Servers should + convert recognized schemas to the latest internal + value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing + the REST resource this object represents. Servers + may infer this from the endpoint the client submits + requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. 
More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics + of a volume requested by a pod author. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources,\ + \ defined in spec.resourceClaims, that are\ + \ used by this container. \n This is an\ + \ alpha field and requires enabling the\ + \ DynamicResourceAllocation feature gate.\ + \ \n This field is immutable. It can only\ + \ be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual + access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, then + it should ignore that update and let other + controllers handle it. 
+ type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the given\ + \ PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize\ + \ controller with a terminal error. - NodeResizePending:\ + \ State set when resize controller has finished\ + \ resizing the volume but further resizing of\ + \ volume is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more capacity\ + \ - this field can be one of the following states:\ + \ - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. 
\n A controller\ + \ that receives PVC update with previously unknown\ + \ resourceName or ClaimResourceStatus should\ + \ ignore the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity.\ + \ Key names follow standard Kubernetes label\ + \ syntax. Valid values are either: * Un-prefixed\ + \ keys: - storage - the capacity of the volume.\ + \ * Custom resources must use implementation-defined\ + \ prefixed names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update with\ + \ previously unknown resourceName should ignore\ + \ the update for the purpose it was designed.\ + \ For example - a controller that only is responsible\ + \ for resizing capacity of the volume, should\ + \ ignore PVC updates that change other valid\ + \ resources associated with PVC. \n This is\ + \ an alpha field and requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition + of persistent volume claim. If underlying persistent + volume is being resized then the Condition will + be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition + contains details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last + transition. + type: string + reason: + description: reason is a unique, this should + be a short, machine understandable string + that gives the reason for condition's + last transition. If it reports "ResizeStarted" + that means the underlying persistent volume + is being resized. 
+ type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array type: object monitoring: description: Prometheus based Monitoring settings @@ -2405,12 +2995,10 @@ spec: description: The Hostname of this endpoint type: string ip: - description: 'The IP of this endpoint. May not be loopback - (127.0.0.0/8), link-local (169.254.0.0/16), or link-local - multicast ((224.0.0.0/24). IPv6 is also accepted but - not fully supported on all platforms. Also, certain - kubernetes components, like kube-proxy, are not IPv6 - ready. TODO: This should allow hostname or IP, See #4447.' + description: The IP of this endpoint. May not be loopback + (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or + fe80::/10), or link-local multicast (224.0.0.0/24 or + ff02::/16). type: string nodeName: description: 'Optional: Node hosting this endpoint. This 
@@ -2486,6 +3074,38 @@ spec: description: Network related configuration nullable: true properties: + addressRanges: + description: AddressRanges specify a list of CIDRs that Rook + will apply to Ceph's 'public_network' and/or 'cluster_network' + configurations. This config section may be used for the "host" + or "multus" network providers. + nullable: true + properties: + cluster: + description: Cluster defines a list of CIDRs to use for + Ceph cluster network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + public: + description: Public defines a list of CIDRs to use for Ceph + public network communication. + items: + description: "An IPv4 or IPv6 network CIDR. \n This naive\ + \ kubebuilder regex provides immediate feedback for\ + \ some typos and for a common problem case where the\ + \ range spec is forgotten (e.g., /24). Rook does in-depth\ + \ validation in code." + pattern: ^[0-9a-fA-F:.]{2,}\/[0-9]{1,3}$ + type: string + type: array + type: object connections: description: Settings for network connections such as compression and encryption across the wire. 
@@ -2556,15 +3176,37 @@ spec: provider: description: Provider is what provides network connectivity to the cluster e.g. "host" or "multus" + enum: + - '' + - host + - multus nullable: true type: string selectors: additionalProperties: type: string - description: Selectors string values describe what networks - will be used to connect the cluster. Meanwhile the keys describe - each network respective responsibilities or any metadata storage - provider decide. + description: "Selectors define NetworkAttachmentDefinitions\ + \ to be used for Ceph public and/or cluster networks when\ + \ the \"multus\" network provider is used. This config section\ + \ is not used for other network providers. \n Valid keys are\ + \ \"public\" and \"cluster\". Refer to Ceph networking documentation\ + \ for more: https://docs.ceph.com/en/reef/rados/configuration/network-config-ref/\ + \ \n Refer to Multus network annotation documentation for\ + \ help selecting values: https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#run-pod-with-network-annotation\ + \ \n Rook will make a best-effort attempt to automatically\ + \ detect CIDR address ranges for given network attachment\ + \ definitions. Rook's methods are robust but may be imprecise\ + \ for sufficiently complicated networks. Rook's auto-detection\ + \ process obtains a new IP address lease for each CephCluster\ + \ reconcile. If Rook fails to detect, incorrectly detects,\ + \ only partially detects, or if underlying networks do not\ + \ support reusing old IP addresses, it is best to use the\ + \ 'addressRanges' config section to specify CIDR ranges for\ + \ the Ceph cluster. \n As a contrived example, one can use\ + \ a theoretical Kubernetes-wide network for Ceph client traffic\ + \ and a theoretical Rook-only network for Ceph replication\ + \ traffic as shown: selectors: public: \"default/cluster-fast-net\"\ + \ cluster: \"rook-ceph/ceph-backend-net\"" nullable: true type: object type: object 
@@ -3537,15 +4179,20 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be\ + \ calculated. The keys are used to lookup values from\ + \ the incoming pod labels, those key-value labels\ + \ are ANDed with labelSelector to select the group\ + \ of existing pods over which spreading will be calculated\ + \ for the incoming pod. The same key is forbidden\ + \ to exist in both MatchLabelKeys and LabelSelector.\ + \ MatchLabelKeys cannot be set when LabelSelector\ + \ isn't set. Keys that don't exist in the incoming\ + \ pod labels will be ignored. A null or empty list\ + \ means only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -3729,7 +4376,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object description: Resources set resource requests and limits 
@@ -3815,6 +4463,18 @@ spec: nullable: true type: array x-kubernetes-preserve-unknown-fields: true + flappingRestartIntervalHours: + description: FlappingRestartIntervalHours defines the time for + which the OSD pods, that failed with zero exit code, will + sleep before restarting. This is needed for OSD flapping where + OSD daemons are marked down more than 5 times in 600 seconds + by Ceph. Preventing the OSD pods to restart immediately in + such scenarios will prevent Rook from marking OSD as `up` + and thus peering of the PGs mapped to the OSD. User needs + to manually restart the OSD pod if they manage to fix the + underlying OSD flapping issue before the restart interval. + The sleep will be disabled if this interval is set to 0. + type: integer nodes: items: description: Node is a storage nodes @@ -3905,7 +4565,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -4126,7 +4787,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -4210,6 +4872,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -4217,21 +4933,38 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume - expansion operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual volume - capacity is equal or lower than the requested - capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -4250,7 +4983,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -4291,14 +5024,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default - but when expansion is complete resizeStatus - is set to empty string by resize controller - or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: array 
@@ -5401,16 +6126,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array 
@@ -6625,16 +7356,22 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod - label keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those - key-value labels are ANDed with labelSelector - to select the group of existing pods over - which spreading will be calculated for the - incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod\ + \ label keys to select the pods over which\ + \ spreading will be calculated. The keys are\ + \ used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed\ + \ with labelSelector to select the group of\ + \ existing pods over which spreading will\ + \ be calculated for the incoming pod. The\ + \ same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot\ + \ be set when LabelSelector isn't set. Keys\ + \ that don't exist in the incoming pod labels\ + \ will be ignored. A null or empty list means\ + \ only match against labelSelector. \n This\ + \ is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -6823,7 +7560,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -7053,7 +7791,8 @@ spec: If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -7137,6 +7876,60 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for + a resource that it does not recognizes, + then it should ignore that update and let + other controllers handle it. + type: string + description: "allocatedResourceStatuses stores\ + \ status of resource being resized for the\ + \ given PVC. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts\ + \ resizing the volume in control-plane. -\ + \ ControllerResizeFailed: State set when resize\ + \ has failed in resize controller with a terminal\ + \ error. - NodeResizePending: State set when\ + \ resize controller has finished resizing\ + \ the volume but further resizing of volume\ + \ is needed on the node. - NodeResizeInProgress:\ + \ State set when kubelet starts resizing the\ + \ volume. - NodeResizeFailed: State set when\ + \ resizing has failed in kubelet with a terminal\ + \ error. 
Transient errors don't set NodeResizeFailed.\ + \ For example: if expanding a PVC for more\ + \ capacity - this field can be one of the\ + \ following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is\ + \ not set, it means that no resize operation\ + \ is in progress for the given PVC. \n A controller\ + \ that receives PVC update with previously\ + \ unknown resourceName or ClaimResourceStatus\ + \ should ignore the update for the purpose\ + \ it was designed. For example - a controller\ + \ that only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -7144,21 +7937,38 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage - resource within AllocatedResources tracks - the capacity allocated to a PVC. It may be - larger than the actual capacity when a volume - expansion operation is requested. For storage - quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual volume - capacity is equal or lower than the requested - capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the\ + \ resources allocated to a PVC including its\ + \ capacity. Key names follow standard Kubernetes\ + \ label syntax. Valid values are either: *\ + \ Un-prefixed keys: - storage - the capacity\ + \ of the volume. * Custom resources must use\ + \ implementation-defined prefixed names such\ + \ as \"example.com/my-custom-resource\" Apart\ + \ from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered\ + \ reserved and hence may not be used. \n Capacity\ + \ reported here may be larger than the actual\ + \ capacity when a volume expansion operation\ + \ is requested. For storage quota, the larger\ + \ value from allocatedResources and PVC.spec.resources\ + \ is used. If allocatedResources is not set,\ + \ PVC.spec.resources alone is used for quota\ + \ calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is\ + \ only lowered if there are no expansion operations\ + \ in progress and if the actual volume capacity\ + \ is equal or lower than the requested capacity.\ + \ \n A controller that receives PVC update\ + \ with previously unknown resourceName should\ + \ ignore the update for the purpose it was\ + \ designed. For example - a controller that\ + \ only is responsible for resizing capacity\ + \ of the volume, should ignore PVC updates\ + \ that change other valid resources associated\ + \ with PVC. \n This is an alpha field and\ + \ requires enabling RecoverVolumeExpansionFailure\ + \ feature." type: object capacity: additionalProperties: @@ -7177,7 +7987,7 @@ spec: Condition will be set to 'ResizeStarted'. items: description: PersistentVolumeClaimCondition - contails details about state of pvc + contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time @@ -7218,14 +8028,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default - but when expansion is complete resizeStatus - is set to empty string by resize controller - or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: array 
@@ -7236,6 +8038,24 @@ spec: type: object nullable: true type: array + store: + description: OSDStore is the backend storage type used for creating + the OSDs + properties: + type: + description: Type of backend storage to be used while creating + OSDs. If empty, then bluestore will be used + enum: + - bluestore + - bluestore-rdr + type: string + updateStore: + description: UpdateStore updates the backend store for existing + OSDs. It destroys each OSD one at a time, cleans up the + backing disk and prepares same OSD on that disk + pattern: ^$|^yes-really-update-store$ + type: string + type: object useAllDevices: description: Whether to consume all the storage devices found on a machine @@ -7439,8 +8259,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: 
@@ -7518,6 +8338,54 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status\ + \ of resource being resized for the given PVC. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n ClaimResourceStatus\ + \ can be in any of following states: - ControllerResizeInProgress:\ + \ State set when resize controller starts resizing\ + \ the volume in control-plane. - ControllerResizeFailed:\ + \ State set when resize has failed in resize controller\ + \ with a terminal error. - NodeResizePending: State\ + \ set when resize controller has finished resizing\ + \ the volume but further resizing of volume is needed\ + \ on the node. - NodeResizeInProgress: State set\ + \ when kubelet starts resizing the volume. - NodeResizeFailed:\ + \ State set when resizing has failed in kubelet\ + \ with a terminal error. Transient errors don't\ + \ set NodeResizeFailed. 
For example: if expanding\ + \ a PVC for more capacity - this field can be one\ + \ of the following states: - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage']\ + \ = \"NodeResizeFailed\" When this field is not\ + \ set, it means that no resize operation is in progress\ + \ for the given PVC. \n A controller that receives\ + \ PVC update with previously unknown resourceName\ + \ or ClaimResourceStatus should ignore the update\ + \ for the purpose it was designed. For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: 
@@ -7525,20 +8393,34 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation. If a volume expansion capacity - request is lowered, allocatedResources is only lowered - if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. + description: "allocatedResources tracks the resources\ + \ allocated to a PVC including its capacity. Key\ + \ names follow standard Kubernetes label syntax.\ + \ Valid values are either: * Un-prefixed keys: -\ + \ storage - the capacity of the volume. * Custom\ + \ resources must use implementation-defined prefixed\ + \ names such as \"example.com/my-custom-resource\"\ + \ Apart from above values - keys that are unprefixed\ + \ or have kubernetes.io prefix are considered reserved\ + \ and hence may not be used. \n Capacity reported\ + \ here may be larger than the actual capacity when\ + \ a volume expansion operation is requested. For\ + \ storage quota, the larger value from allocatedResources\ + \ and PVC.spec.resources is used. If allocatedResources\ + \ is not set, PVC.spec.resources alone is used for\ + \ quota calculation. 
If a volume expansion capacity\ + \ request is lowered, allocatedResources is only\ + \ lowered if there are no expansion operations in\ + \ progress and if the actual volume capacity is\ + \ equal or lower than the requested capacity. \n\ + \ A controller that receives PVC update with previously\ + \ unknown resourceName should ignore the update\ + \ for the purpose it was designed. For example -\ + \ a controller that only is responsible for resizing\ + \ capacity of the volume, should ignore PVC updates\ + \ that change other valid resources associated with\ + \ PVC. \n This is an alpha field and requires enabling\ + \ RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: @@ -7556,7 +8438,7 @@ spec: volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -7597,14 +8479,6 @@ spec: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string type: object type: object type: array 
@@ -7653,136 +8527,1330 @@ spec: properties: message: type: string - severity: + severity: + type: string + required: + - message + - severity + type: object + type: object + fsid: + type: string + health: + type: string + lastChanged: + type: string + lastChecked: + type: string + previousHealth: + type: string + versions: + description: CephDaemonsVersions show the current ceph version + for different ceph daemons + properties: + cephfs-mirror: + additionalProperties: + type: integer + description: CephFSMirror shows CephFSMirror Ceph version + type: object + mds: + additionalProperties: + type: integer + description: Mds shows Mds Ceph version + type: object + mgr: + additionalProperties: + type: integer + description: Mgr shows Mgr Ceph version + type: object + mon: + additionalProperties: + type: integer + description: Mon shows Mon Ceph version + type: object + osd: + additionalProperties: + type: integer + description: Osd shows Osd Ceph version + type: object + overall: + additionalProperties: + type: integer + description: Overall shows overall Ceph version + type: object + rbd-mirror: + additionalProperties: + type: integer + description: RbdMirror shows RbdMirror Ceph version + type: object + rgw: + additionalProperties: + type: integer + description: Rgw shows Rgw Ceph version + type: object + type: object + type: object + conditions: + items: + description: Condition represents a status condition on any Rook-Ceph + Custom Resource. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is a reason for a condition + type: string + status: + type: string + type: + description: ConditionType represent a resource's status + type: string + type: object + type: array + message: + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. 
+ format: int64 + type: integer + phase: + description: ConditionType represent a resource's status + type: string + state: + description: ClusterState represents the state of a Ceph Cluster + type: string + storage: + description: CephStorage represents flavors of Ceph Cluster Storage + properties: + deviceClasses: + items: + description: DeviceClasses represents device classes of a + Ceph Cluster + properties: + name: + type: string + type: object + type: array + osd: + description: OSDStatus represents OSD status of the ceph Cluster + properties: + storeType: + additionalProperties: + type: integer + description: StoreType is a mapping between the OSD backend + stores and number of OSDs using these stores + type: object + type: object + type: object + version: + description: ClusterVersion represents the version of a Ceph Cluster + properties: + image: + type: string + version: + type: string + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + helm.sh/resource-policy: keep + creationTimestamp: null + name: cephcosidrivers.ceph.rook.io +spec: + group: ceph.rook.io + names: + kind: CephCOSIDriver + listKind: CephCOSIDriverList + plural: cephcosidrivers + shortNames: + - cephcosi + singular: cephcosidriver + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CephCOSIDriver represents the CRD for the Ceph COSI Driver + Deployment + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of a Ceph COSI Driver + properties: + deploymentStrategy: + description: DeploymentStrategy is the strategy to use to deploy + the COSI driver. + enum: + - Never + - Auto + - Always + type: string + image: + description: Image is the container image to run the Ceph COSI driver + type: string + objectProvisionerImage: + description: ObjectProvisionerImage is the container image to run + the COSI driver sidecar + type: string + placement: + description: Placement is the placement strategy to use for the + COSI driver + properties: + nodeAffinity: + description: NodeAffinity is a group of node affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). 
+ A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: PodAffinity is a group of inter pod affinity scheduling + rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: PodAntiAffinity is a group of inter pod anti affinity + scheduling rules + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + tolerations: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. Default value is 1 and 0 is not allowed.' 
+ format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of\ + \ eligible domains. When the number of eligible domains\ + \ with matching topology keys is less than minDomains,\ + \ Pod Topology Spread treats \"global minimum\" as 0,\ + \ and then the calculation of Skew is performed. And\ + \ when the number of eligible domains with matching\ + \ topology keys equals or greater than minDomains, this\ + \ value has no effect on scheduling. As a result, when\ + \ the number of eligible domains is less than minDomains,\ + \ scheduler won't schedule more than maxSkew Pods to\ + \ those domains. If value is nil, the constraint behaves\ + \ as if MinDomains is equal to 1. Valid values are integers\ + \ greater than 0. When value is not nil, WhenUnsatisfiable\ + \ must be DoNotSchedule. \n For example, in a 3-zone\ + \ cluster, MaxSkew is set to 2, MinDomains is set to\ + \ 5 and pods with the same labelSelector spread as 2/2/2:\ + \ | zone1 | zone2 | zone3 | | P P | P P | P P \ + \ | The number of domains is less than 5(MinDomains),\ + \ so \"global minimum\" is treated as 0. In this situation,\ + \ new pod with the same labelSelector cannot be scheduled,\ + \ because computed skew will be 3(3 - 0) if new Pod\ + \ is scheduled to any of the three zones, it will violate\ + \ MaxSkew. \n This is a beta field and requires the\ + \ MinDomainsInPodTopologySpread feature gate to be enabled\ + \ (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will\ + \ treat Pod's nodeAffinity/nodeSelector when calculating\ + \ pod topology spread skew. Options are: - Honor: only\ + \ nodes matching nodeAffinity/nodeSelector are included\ + \ in the calculations. - Ignore: nodeAffinity/nodeSelector\ + \ are ignored. All nodes are included in the calculations.\ + \ \n If this value is nil, the behavior is equivalent\ + \ to the Honor policy. 
This is a beta-level feature\ + \ default enabled by the NodeInclusionPolicyInPodTopologySpread\ + \ feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat\ + \ node taints when calculating pod topology spread skew.\ + \ Options are: - Honor: nodes without taints, along\ + \ with tainted nodes for which the incoming pod has\ + \ a toleration, are included. - Ignore: node taints\ + \ are ignored. All nodes are included. \n If this value\ + \ is nil, the behavior is equivalent to the Ignore policy.\ + \ This is a beta-level feature default enabled by the\ + \ NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' type: string required: - - message - - severity + - maxSkew + - topologyKey + - whenUnsatisfiable type: object - type: object - fsid: - type: string - health: - type: string - lastChanged: - type: string - lastChecked: - type: string - previousHealth: - type: string - versions: - description: CephDaemonsVersions show the current ceph version - for different ceph daemons - properties: - cephfs-mirror: - additionalProperties: - type: integer - description: CephFSMirror shows CephFSMirror Ceph version - type: object - mds: - additionalProperties: - type: integer - description: Mds shows Mds Ceph version - type: object - mgr: - additionalProperties: - type: integer - description: Mgr shows Mgr Ceph version - type: object - mon: - additionalProperties: - type: integer - description: Mon shows Mon Ceph version - type: object - osd: - additionalProperties: - type: integer - description: Osd shows Osd Ceph version - type: object - overall: - additionalProperties: - type: integer - description: Overall shows overall Ceph version - type: object - rbd-mirror: - additionalProperties: - type: integer - description: RbdMirror shows RbdMirror Ceph version - type: object - rgw: - additionalProperties: - type: integer - description: Rgw shows Rgw Ceph version - type: object - type: object + type: array type: object - conditions: - items: - description: Condition represents a status condition on any Rook-Ceph - Custom Resource. 
- properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - description: ConditionReason is a reason for a condition - type: string - status: - type: string - type: - description: ConditionType represent a resource's status - type: string - type: object - type: array - message: - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: ConditionType represent a resource's status - type: string - state: - description: ClusterState represents the state of a Ceph Cluster - type: string - storage: - description: CephStorage represents flavors of Ceph Cluster Storage + resources: + description: Resources is the resource requirements for the COSI + driver properties: - deviceClasses: + claims: + description: "Claims lists the names of resources, defined in\ + \ spec.resourceClaims, that are used by this container. \n\ + \ This is an alpha field and requires enabling the DynamicResourceAllocation\ + \ feature gate. \n This field is immutable. It can only be\ + \ set for containers." items: - description: DeviceClasses represents device classes of a - Ceph Cluster + description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a container. 
type: string + required: + - name type: object type: array - type: object - version: - description: ClusterVersion represents the version of a Ceph Cluster - properties: - image: - type: string - version: - type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object type: object type: object - x-kubernetes-preserve-unknown-fields: true required: - metadata - spec type: object served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -8782,14 +10850,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -8956,7 +11029,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object 
@@ -9533,8 +11607,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -9567,7 +11640,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -10642,15 +12717,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array 
@@ -10824,8 +12905,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true @@ -10867,8 +12948,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -10901,7 +12981,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -11564,7 +13646,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -12112,7 +14194,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -12700,7 +14782,7 @@ spec: specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -13242,7 +15324,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object sssdConfigFile: @@ -13378,7 +15461,7 @@ spec: here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -14859,15 +16942,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array @@ -15042,8 +17131,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -15230,6 +17319,17 @@ spec: spec: description: ObjectStoreSpec represent the spec of a pool properties: + allowUsersInNamespaces: + description: The list of allowed namespaces in addition to the object + store namespace where ceph object store users may be created. + Specify "*" to allow all namespaces, otherwise list individual + namespaces that are to be allowed. This is useful for applications + that need object store credentials to be created in their own + namespace, where neither OBCs nor COSI is being used to create + buckets. The default is empty. + items: + type: string + type: array dataPool: description: The data pool settings nullable: true @@ -15453,6 +17553,14 @@ spec: nullable: true type: boolean x-kubernetes-preserve-unknown-fields: true + disableMultisiteSyncTraffic: + description: 'DisableMultisiteSyncTraffic, when true, prevents + this object store''s gateways from transmitting multisite + replication data. Note that this value does not affect whether + gateways receive multisite replication traffic: see ObjectZone.spec.customEndpoints + for that. If false or unset, this object store''s gateways + will be able to transmit multisite replication data.' + type: boolean externalRgwEndpoints: description: ExternalRgwEndpoints points to external RGW endpoint(s). Multiple endpoints can be given, but for stability of ObjectBucketClaims, 
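Review bot: The new `allowUsersInNamespaces` list in the ObjectStoreSpec schema accepts `"*"`, and per its own description that lets object store users, and therefore object store credentials, be created in any namespace, not only the object store's. The schema default is empty, but nothing in this hunk shows whether the component documents the field or how it exposes it. Since this looks like rendered CRD output, the fix belongs in the component's parameter reference, for example `Leave allowUsersInNamespaces empty or list explicit namespaces; "*" allows object store users to be created in every namespace.` The matching `clusterNamespace` field on the user spec appears in a later hunk and should be covered by the same paragraph.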
@@ -16481,15 +18589,21 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading will - be calculated. The keys are used to lookup values - from the incoming pod labels, those key-value labels - are ANDed with labelSelector to select the group - of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the - incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label\ + \ keys to select the pods over which spreading will\ + \ be calculated. The keys are used to lookup values\ + \ from the incoming pod labels, those key-value\ + \ labels are ANDed with labelSelector to select\ + \ the group of existing pods over which spreading\ + \ will be calculated for the incoming pod. The same\ + \ key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set\ + \ when LabelSelector isn't set. Keys that don't\ + \ exist in the incoming pod labels will be ignored.\ + \ A null or empty list means only match against\ + \ labelSelector. \n This is a beta field and requires\ + \ the MatchLabelKeysInPodTopologySpread feature\ + \ gate to be enabled (enabled by default)." items: type: string type: array @@ -16668,8 +18782,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
@@ -16740,8 +18854,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -16774,7 +18887,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -16904,8 +19019,7 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC - port. This is a beta field and requires enabling GRPCContainerProbe - feature gate. + port. properties: port: description: Port number of the gRPC service. Number @@ -16938,7 +19052,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -17560,6 +19676,10 @@ spec: - read, write type: string type: object + clusterNamespace: + description: The namespace where the parent CephCluster and CephObjectStore + are found + type: string displayName: description: The display name for the ceph users type: string 
@@ -17757,14 +19877,17 @@ spec: description: ObjectZoneSpec represent the spec of an ObjectZone properties: customEndpoints: - description: 'If this zone cannot be accessed from other peer Ceph - clusters via the ClusterIP Service endpoint created by Rook, you - must set this to the externally reachable endpoint(s). You may - include the port in the definition. For example: "https://my-object-store.my-domain.net:443". - In many cases, you should set this to the endpoint of the ingress - resource that makes the CephObjectStore associated with this CephObjectStoreZone - reachable to peer clusters. The list can have one or more endpoints - pointing to different RGW servers in the zone.' + description: "If this zone cannot be accessed from other peer Ceph\ + \ clusters via the ClusterIP Service endpoint created by Rook,\ + \ you must set this to the externally reachable endpoint(s). You\ + \ may include the port in the definition. For example: \"https://my-object-store.my-domain.net:443\"\ + . In many cases, you should set this to the endpoint of the ingress\ + \ resource that makes the CephObjectStore associated with this\ + \ CephObjectStoreZone reachable to peer clusters. The list can\ + \ have one or more endpoints pointing to different RGW servers\ + \ in the zone. \n If a CephObjectStore endpoint is omitted from\ + \ this list, that object store's gateways will not receive multisite\ + \ replication data (see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic)." items: type: string nullable: true 
@@ -19242,14 +21365,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label keys\ + \ to select the pods over which spreading will be calculated.\ + \ The keys are used to lookup values from the incoming\ + \ pod labels, those key-value labels are ANDed with\ + \ labelSelector to select the group of existing pods\ + \ over which spreading will be calculated for the incoming\ + \ pod. The same key is forbidden to exist in both MatchLabelKeys\ + \ and LabelSelector. MatchLabelKeys cannot be set when\ + \ LabelSelector isn't set. Keys that don't exist in\ + \ the incoming pod labels will be ignored. A null or\ + \ empty list means only match against labelSelector.\ + \ \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread\ + \ feature gate to be enabled (enabled by default)." items: type: string type: array @@ -19417,7 +21545,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object x-kubernetes-preserve-unknown-fields: true 
diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml index f7ecc6e2..21673cbc 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/role.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml index 416b3557..b9852c1e 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/rolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml index 86a31d71..04905a6c 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/01_rook_ceph_helmchart/rook-ceph/templates/serviceaccount.yaml 
@@ -5,7 +5,7 @@ metadata: app.kubernetes.io/created-by: helm app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: rook-ceph-operator - helm.sh/chart: rook-ceph-v1.11.11 + helm.sh/chart: rook-ceph-v1.12.7 operator: rook storage-backend: ceph name: rook-ceph-system @@ -34,3 +34,13 @@ kind: ServiceAccount metadata: name: rook-csi-rbd-provisioner-sa namespace: syn-rook-ceph-operator +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: driver-ceph + app.kubernetes.io/name: cosi-driver-ceph + app.kubernetes.io/part-of: container-object-storage-interface + name: objectstorage-provisioner + namespace: syn-rook-ceph-operator diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/02_openshift_sccs.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/02_openshift_sccs.yaml index ba5b2a1c..ff40c11d 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/02_openshift_sccs.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/02_openshift_sccs.yaml @@ -19,7 +19,8 @@ metadata: name: rook-ceph priority: null readOnlyRootFilesystem: false -requiredDropCapabilities: [] +requiredDropCapabilities: + - All runAsUser: type: RunAsAny seLinuxContext: diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml index 4df9f008..72bbbc3a 100644 --- a/tests/golden/openshift4/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/10_cephcluster_toolbox.yaml @@ -109,7 +109,7 @@ spec: secretKeyRef: key: ceph-username name: rook-ceph-mon - image: docker.io/rook/ceph:v1.11.11 + image: docker.io/rook/ceph:v1.12.7 imagePullPolicy: IfNotPresent name: rook-ceph-tools securityContext: {} diff --git a/tests/golden/openshift4/rook-ceph/rook-ceph/40_alertrules.yaml b/tests/golden/openshift4/rook-ceph/rook-ceph/40_alertrules.yaml index bfb23f1c..4ee034d1 100644 
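Review bot: The added `objectstorage-provisioner` ServiceAccount (labelled `cosi-driver-ceph`) is a new identity in `syn-rook-ceph-operator`, and the roles and bindings that grant it permissions are not visible in this hunk. Before merging I would confirm that the rendered RBAC files referencing this account were reviewed alongside it. The chart bump also deserves a line in the upgrade notes, for example `Rook v1.12 ships an objectstorage-provisioner ServiceAccount for the COSI driver; review its role bindings before rollout.` This file is rendered golden output, so the note belongs in the component documentation rather than here.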
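Review bot: `requiredDropCapabilities` in `02_openshift_sccs.yaml` now lists `All`, while the keyword is conventionally written upper-case, and as far as I know the Kubernetes restricted Pod Security check compares against `ALL` literally. It is worth confirming that SCC admission and the container runtime on the targeted OpenShift versions honour the mixed-case value. If the value comes from the component's own SCC definition rather than being copied from upstream, the change would be `- ALL`; if it mirrors upstream, a short comment at the source saying so would help. The context lines still show `runAsUser: type: RunAsAny` and `readOnlyRootFilesystem: false`, so this drop list is the only tightening visible in the hunk.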
--- a/tests/golden/openshift4/rook-ceph/rook-ceph/40_alertrules.yaml +++ b/tests/golden/openshift4/rook-ceph/rook-ceph/40_alertrules.yaml @@ -306,13 +306,13 @@ spec: syn: 'true' syn_component: rook-ceph type: ceph_default - - alert: SYN_CephPGUnavilableBlockingIO + - alert: SYN_CephPGUnavailableBlockingIO annotations: description: Data availability is reduced, impacting the cluster's ability to service I/O. One or more placement groups (PGs) are in a state that blocks I/O. documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability - runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGUnavilableBlockingIO.html + runbook_url: https://hub.syn.tools/rook-ceph/runbooks/CephPGUnavailableBlockingIO.html summary: PG is unavailable, blocking I/O expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) == 1