diff --git a/apis/risingwave/v1alpha1/risingwave_scale_view_types.go b/apis/risingwave/v1alpha1/risingwave_scale_view_types.go index 08e503f6..a57c149b 100644 --- a/apis/risingwave/v1alpha1/risingwave_scale_view_types.go +++ b/apis/risingwave/v1alpha1/risingwave_scale_view_types.go @@ -25,7 +25,7 @@ type RisingWaveScaleViewTargetRef struct { Name string `json:"name"` // Component name. Must be one of meta, frontend, compute, and compactor. - // +kubebuilder:validation:Enum=meta;frontend;compute;compactor;connector + // +kubebuilder:validation:Enum=meta;frontend;compute;compactor Component string `json:"component"` // UID of the target RisingWave object. Should be set by the mutating webhook. diff --git a/apis/risingwave/v1alpha1/risingwave_types.go b/apis/risingwave/v1alpha1/risingwave_types.go index a9ab7b1f..4d63858a 100644 --- a/apis/risingwave/v1alpha1/risingwave_types.go +++ b/apis/risingwave/v1alpha1/risingwave_types.go @@ -48,11 +48,6 @@ type RisingWaveGlobalReplicas struct { // +optional // +kubebuilder:validation:Minimum=0 Compactor int32 `json:"compactor,omitempty"` - - // Replicas of connector component. Replicas specified here is in a default group (with empty name ''). - // +optional - // +kubebuilder:validation:Minimum=0 - Connector int32 `json:"connector,omitempty"` } // RisingWaveComponentsSpec is the spec for RisingWave components. @@ -71,9 +66,6 @@ type RisingWaveComponentsSpec struct { // Compactor contains configuration of the compactor component. Compactor RisingWaveComponent `json:"compactor,omitempty"` - - // Connector contains configuration of the connector component. - Connector RisingWaveComponent `json:"connector,omitempty"` } // RisingWaveSpec is the overall spec. @@ -112,13 +104,6 @@ type RisingWaveSpec struct { // +kubebuilder:default=false EnableStandaloneMode *bool `json:"enableStandaloneMode,omitempty"` - // Flag to control whether to use the embedded connector (recommended). If embedded connector is enabled, - // the dedicated connectors won't be deployed and used anymore and the corresponding fields will be ignored. - // The dedicated connector will be deprecated soon because of its error proneness. - // +optional - // +kubebuilder:default=false - EnableEmbeddedConnector *bool `json:"enableEmbeddedConnector,omitempty"` - // Image for RisingWave component. Image string `json:"image"` @@ -184,9 +169,6 @@ type RisingWaveComponentsReplicasStatus struct { // Running status of compactor. Compactor ComponentReplicasStatus `json:"compactor"` - // Running status of connector. - Connector ComponentReplicasStatus `json:"connector"` - // Running status of standalone component. Standalone ComponentReplicasStatus `json:"standalone"` } diff --git a/apis/risingwave/v1alpha1/zz_generated.deepcopy.go b/apis/risingwave/v1alpha1/zz_generated.deepcopy.go index 7c7edb72..d143932c 100644 --- a/apis/risingwave/v1alpha1/zz_generated.deepcopy.go +++ b/apis/risingwave/v1alpha1/zz_generated.deepcopy.go @@ -255,7 +255,6 @@ func (in *RisingWaveComponentsReplicasStatus) DeepCopyInto(out *RisingWaveCompon in.Frontend.DeepCopyInto(&out.Frontend) in.Compute.DeepCopyInto(&out.Compute) in.Compactor.DeepCopyInto(&out.Compactor) - in.Connector.DeepCopyInto(&out.Connector) in.Standalone.DeepCopyInto(&out.Standalone) } @@ -281,7 +280,6 @@ func (in *RisingWaveComponentsSpec) DeepCopyInto(out *RisingWaveComponentsSpec) in.Frontend.DeepCopyInto(&out.Frontend) in.Compute.DeepCopyInto(&out.Compute) in.Compactor.DeepCopyInto(&out.Compactor) - in.Connector.DeepCopyInto(&out.Connector) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RisingWaveComponentsSpec. @@ -1106,11 +1104,6 @@ func (in *RisingWaveSpec) DeepCopyInto(out *RisingWaveSpec) { *out = new(bool) **out = **in } - if in.EnableEmbeddedConnector != nil { - in, out := &in.EnableEmbeddedConnector, &out.EnableEmbeddedConnector - *out = new(bool) - **out = **in - } in.AdditionalFrontendServiceMetadata.DeepCopyInto(&out.AdditionalFrontendServiceMetadata) in.MetaStore.DeepCopyInto(&out.MetaStore) in.StateStore.DeepCopyInto(&out.StateStore) diff --git a/config/crd/bases/risingwave.risingwavelabs.com_risingwaves.yaml b/config/crd/bases/risingwave.risingwavelabs.com_risingwaves.yaml index acbc4caa..be22cd6f 100644 --- a/config/crd/bases/risingwave.risingwavelabs.com_risingwaves.yaml +++ b/config/crd/bases/risingwave.risingwavelabs.com_risingwaves.yaml @@ -14527,7231 +14527,6 @@ spec: - name x-kubernetes-list-type: map type: object - connector: - description: Connector contains configuration of the connector - component. - properties: - disallowPrintStackTraces: - description: DisallowPrintStackTraces determines if the stack - traces are allowed to print when panic happens. This options - applies to both Rust and Java programs. Defaults to false. - type: boolean - logLevel: - default: INFO - description: LogLevel controls the log level of the running - nodes. It can be in any format that the underlying component - supports, e.g., in the RUST_LOG format for Rust programs. - Defaults to INFO. - type: string - nodeGroups: - description: NodeGroups of the component deployment. - items: - description: RisingWaveNodeGroup is the definition of a - group of RisingWave nodes of the same component. - properties: - configuration: - description: Configuration determines the configuration - to be used for the RisingWave nodes. - properties: - configMap: - description: ConfigMap where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the ConfigMap to - provide the configs RisingWave requests. It - will be mounted on the Pods directly. It the - ConfigMap isn't provided, the controller will - use empty value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the ConfigMap. Defaults to false. - type: boolean - type: object - secret: - description: Secret where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the Secret to provide - the configs RisingWave requests. It will be - mounted on the Pods directly. It the Secret - isn't provided, the controller will use empty - value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the Secret. Defaults to false. - type: boolean - type: object - type: object - minReadySeconds: - description: Minimum number of seconds for which a newly - created pod should be ready without any of its container - crashing for it to be considered available. Defaults - to 0 (pod will be considered available as soon as - it is ready) - format: int32 - type: integer - name: - default: "" - description: Name of the node group. - type: string - persistentVolumeClaimRetentionPolicy: - description: persistentVolumeClaimRetentionPolicy describes - the lifecycle of persistent volume claims created - from volumeClaimTemplates. By default, all persistent - volume claims are created as needed and retained until - manually deleted. This policy allows the lifecycle - to be altered, for example by deleting persistent - volume claims when their stateful set is deleted, - or when their pod is scaled down. This requires the - StatefulSetAutoDeletePVC feature gate to be enabled, - which is alpha. - properties: - whenDeleted: - description: WhenDeleted specifies what happens - to PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is deleted. The default policy - of `Retain` causes PVCs to not be affected by - StatefulSet deletion. The `Delete` policy causes - those PVCs to be deleted. - type: string - whenScaled: - description: WhenScaled specifies what happens to - PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is scaled down. The default - policy of `Retain` causes PVCs to not be affected - by a scaledown. The `Delete` policy causes the - associated PVCs for any excess pods above the - replica count to be deleted. - type: string - type: object - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be failed. - The deployment controller will continue to process - failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. - Note that progress will not be estimated during the - time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: Replicas of Pods in this group. - format: int32 - minimum: 0 - type: integer - restartAt: - description: RestartAt is the time that the Pods under - the group should be restarted. Setting a value on - this field will trigger a full recreation of the Pods. - Defaults to nil. - format: date-time - type: string - template: - description: Template tells how the Pod should be started. - It is an optional field. If it's empty, then the pod - template in the first-level fields under spec will - be used. - properties: - metadata: - description: PartialObjectMeta tells the operator - to add the specified metadata onto the Pod. - properties: - annotations: - additionalProperties: - type: string - description: Annotations of the object. - type: object - labels: - additionalProperties: - type: string - description: Labels of the object. - type: object - type: object - spec: - description: RisingWaveNodePodTemplateSpec determines - the Pod spec to start the RisingWave pod. - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the - pod may be active on the node relative to - StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - format: int64 - type: integer - additionalContainers: - description: Additional containers to run in - the same Pod. The containers will be appended - to the Pod's containers array in order. - items: - description: A single application container - that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables - to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of - a ConfigMap. - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of - a secret in the pod's namespace - properties: - key: - description: The key of - the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). - Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents - a network port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for - the container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to the - container. - type: string - type: - description: Type is a SELinux - type label that applies to the - container. - type: string - user: - description: User is a SELinux - user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. - type: string - type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. - items: - description: volumeDevice describes - a mapping of a raw block device within - a container. - properties: - devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. - items: - description: VolumeMount describes a - mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. - type: string - required: - - name - type: object - type: array - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A - null preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. - properties: - nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be - automatically mounted. - type: boolean - dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - enum: - - ClusterFirst - - ClusterFirstWithHostNet - - Default - - None - type: string - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - hostAliases: - description: HostAliases is an optional list - of hosts and IPs that will be injected into - the pod's hosts file if specified. This is - only valid for non-hostNetwork pods. - items: - description: HostAlias holds the mapping between - IP and hostnames that will be injected as - an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP - address. - items: - type: string - type: array - ip: - description: IP address of the host file - entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostUsers: - description: 'Use the host''s user namespace. - Optional: Default to true. If set to true - or not present, the pod will be run in the - host user namespace, useful for when the pod - needs a feature only available to the host - user namespace, such as loading a kernel module - with CAP_SYS_MODULE. When set to false, a - new userns is created for the pod. Setting - false is useful for mitigating container breakout - vulnerabilities even allowing users to run - their containers as root without actually - having root privileges on the host. This field - is alpha-level and is only honored by servers - that enable the UserNamespacesSupport feature.' - type: boolean - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic - os: - description: "Specifies the OS of the containers - in the pod. Some pod and container fields - are restricted if this is set. \n If the OS - field is set to linux, the following fields - must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following - fields must be unset: - spec.hostPID - spec.hostIPC - - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - - spec.securityContext.sysctls - spec.shareProcessNamespace - - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - - spec.securityContext.supplementalGroups - - spec.containers[*].securityContext.seLinuxOptions - - spec.containers[*].securityContext.seccompProfile - - spec.containers[*].securityContext.capabilities - - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - - spec.containers[*].securityContext.runAsUser - - spec.containers[*].securityContext.runAsGroup" - properties: - name: - description: 'Name is the name of the operating - system. The currently supported values - are linux and windows. Additional value - may be defined in future and can be one - of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional - values and treat unrecognized values in - this field as os: null' - type: string - required: - - name - type: object - podSecurityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' - properties: - fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to - set - type: string - value: - description: Value of a property to - set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. One - of Never, PreemptLowerPriority. Defaults to - PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. - type: string - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will - be configured as the pod's FQDN, rather than - the leaf name (the default). In Linux containers, - this means setting the FQDN in the hostname - field of the kernel (the nodename field of - struct utsname). In Windows containers, this - means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this - has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' - type: boolean - terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew. - \n This is a beta field and requires - the MinDomainsInPodTopologySpread feature - gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: diskName is the Name - of the data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of - data disk in the blob storage - type: string - fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. - properties: - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: shareName is the azure - share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime - properties: - monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). - properties: - driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. - type: string - fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). \n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." - properties: - volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. - type: object - spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a - label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC - target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: driver is the name of - the driver to use for this volume. - type: string - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: - this field holds extra command options - if any.' - type: object - readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git - repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To - provision a container with a git repo, - mount an EmptyDir into an InitContainer - that clones the repo using git, then - mount the EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target - directory name. Must not contain - or start with '..'. If '.' is supplied, - the volume directory will be the - git repository. Otherwise, if specified, - the volume will contain the git - repository in the subdirectory with - the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit - hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' - properties: - path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication - type: boolean - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI - Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). - type: string - lun: - description: lun represents iSCSI - Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API - properties: - defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: sources is the list of - volume projections - items: - description: Projection that may - be projected along with other - supported volume types - properties: - clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." - properties: - labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path - from the volume root to - write the bundle. - type: string - signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information - about the configMap data to - project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify - whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project - properties: - items: - description: Items is a - list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select in - the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information - about the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field - specify whether the Secret - or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project - properties: - audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. - format: int64 - type: integer - path: - description: path is the - path relative to the mount - point of the file to project - the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. - type: boolean - registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: user to map volume access - to Defaults to serivceaccount user - type: string - volume: - description: volume is a string that - references an already created Quobyte - volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. - type: string - system: - description: system is the name of - the storage system as configured - in ScaleIO. - type: string - volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify - whether the Secret or its keys must - be defined - type: boolean - secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - upgradeStrategy: - description: 'Upgrade strategy for the components. By - default, it is the same as the workload''s default - strategy that the component is deployed with. Note: - the maxSurge will not take effect for the compute - component.' - properties: - inPlaceUpdateStrategy: - description: InPlaceUpdateStrategy contains strategies - for in-place update. - properties: - gracePeriodSeconds: - description: GracePeriodSeconds is the timespan - between set Pod status to not-ready and update - images in Pod spec when in-place update a - Pod. - format: int32 - type: integer - type: object - rollingUpdate: - description: Rolling update config params. Present - only if DeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - default: 0 - description: 'The maximum number of pods that - can be scheduled above the desired replicas - during update or specified delete. Value can - be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - up. Defaults to 0.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - default: 25% - description: 'The maximum number of pods that - can be unavailable during the update. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - down. Defaults to 25%.' - x-kubernetes-int-or-string: true - partition: - anyOf: - - type: integer - - type: string - default: 0 - description: 'Partition is the desired number - of pods in old revisions. Value can be an - absolute number (ex: 5) or a percentage of - desired pods (ex: 10%). Absolute number is - calculated from percentage by rounding up - by default. It means when partition is set - during pods updating, (replicas - partition - value) number of pods will be updated. Default - value is 0.' - x-kubernetes-int-or-string: true - type: object - type: - default: RollingUpdate - description: Type of upgrade. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - enum: - - Recreate - - RollingUpdate - - InPlaceIfPossible - - InPlaceOnly - type: string - type: object - volumeClaimTemplates: - description: volumeClaimTemplates is a list of claims - that pods are allowed to reference. The StatefulSet - controller is responsible for mapping network identities - to claims in a way that maintains the identity of - a pod. Every claim in this list must have at least - one matching (by name) volumeMount in one container - in the template. A claim in this list takes precedence - over any volumes in the template, with the same name. - items: - description: PersistentVolumeClaim used by RisingWave. - properties: - metadata: - description: PersistentVolumeClaimPartialObjectMeta - is the metadata for PVC templates. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - finalizers: - description: Must be empty before the object - is deleted from the registry. Each entry - is an identifier for the responsible component - that will remove the entry from the list. - If the deletionTimestamp of the object is - non-nil, entries in this list can only be - removed. Finalizers may be processed and - removed in any order. Order is NOT enforced - because it introduces significant risk of - stuck finalizers. finalizers is a shared - field, any actor with permission can reorder - it. If the finalizer list is processed in - order, then this can lead to a situation - in which the component responsible for the - first finalizer in the list is waiting for - a signal (field value, external system, - or other) produced by a component responsible - for a finalizer later in the list, resulting - in a deadlock. Without enforced ordering - finalizers are free to order amongst themselves - and are not vulnerable to ordering changes - in the list. - items: - type: string - type: array - labels: - additionalProperties: - type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object frontend: description: Frontend contains configuration of the frontend component. properties: @@ -42729,14 +35504,6 @@ spec: even if it's set to true, the controller will determine if it can create the resource by checking if the CRDs are installed. type: boolean - enableEmbeddedConnector: - default: false - description: Flag to control whether to use the embedded connector - (recommended). If embedded connector is enabled, the dedicated connectors - won't be deployed and used anymore and the corresponding fields - will be ignored. The dedicated connector will be deprecated soon - because of its error proneness. - type: boolean enableFullKubernetesAddr: default: false description: Flag to indicate if full kubernetes address should be @@ -43215,47 +35982,6 @@ spec: - running - target type: object - connector: - description: Running status of connector. - properties: - groups: - description: List of running status of each group. - items: - description: ComponentGroupReplicasStatus are the running - status of Pods in group. - properties: - exists: - description: Existence status of the group. - type: boolean - name: - description: Name of the group. - type: string - running: - description: Running replicas in the group. - format: int32 - type: integer - target: - description: Target replicas of the group. - format: int32 - type: integer - required: - - name - - running - - target - type: object - type: array - running: - description: Total running replicas of the component. - format: int32 - type: integer - target: - description: Total target replicas of the component. - format: int32 - type: integer - required: - - running - - target - type: object frontend: description: Running status of frontend. properties: @@ -43382,7 +36108,6 @@ spec: required: - compactor - compute - - connector - frontend - meta - standalone diff --git a/config/crd/bases/risingwave.risingwavelabs.com_risingwavescaleviews.yaml b/config/crd/bases/risingwave.risingwavelabs.com_risingwavescaleviews.yaml index e22a0d96..ed14d237 100644 --- a/config/crd/bases/risingwave.risingwavelabs.com_risingwavescaleviews.yaml +++ b/config/crd/bases/risingwave.risingwavelabs.com_risingwavescaleviews.yaml @@ -104,7 +104,6 @@ spec: - frontend - compute - compactor - - connector type: string name: description: Name of the RisingWave object. diff --git a/config/risingwave-operator-test.yaml b/config/risingwave-operator-test.yaml index cb5b8071..833f4921 100644 --- a/config/risingwave-operator-test.yaml +++ b/config/risingwave-operator-test.yaml @@ -14544,7231 +14544,6 @@ spec: - name x-kubernetes-list-type: map type: object - connector: - description: Connector contains configuration of the connector - component. - properties: - disallowPrintStackTraces: - description: DisallowPrintStackTraces determines if the stack - traces are allowed to print when panic happens. This options - applies to both Rust and Java programs. Defaults to false. - type: boolean - logLevel: - default: INFO - description: LogLevel controls the log level of the running - nodes. It can be in any format that the underlying component - supports, e.g., in the RUST_LOG format for Rust programs. - Defaults to INFO. - type: string - nodeGroups: - description: NodeGroups of the component deployment. - items: - description: RisingWaveNodeGroup is the definition of a - group of RisingWave nodes of the same component. - properties: - configuration: - description: Configuration determines the configuration - to be used for the RisingWave nodes. - properties: - configMap: - description: ConfigMap where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the ConfigMap to - provide the configs RisingWave requests. It - will be mounted on the Pods directly. It the - ConfigMap isn't provided, the controller will - use empty value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the ConfigMap. Defaults to false. - type: boolean - type: object - secret: - description: Secret where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the Secret to provide - the configs RisingWave requests. It will be - mounted on the Pods directly. It the Secret - isn't provided, the controller will use empty - value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the Secret. Defaults to false. - type: boolean - type: object - type: object - minReadySeconds: - description: Minimum number of seconds for which a newly - created pod should be ready without any of its container - crashing for it to be considered available. Defaults - to 0 (pod will be considered available as soon as - it is ready) - format: int32 - type: integer - name: - default: "" - description: Name of the node group. - type: string - persistentVolumeClaimRetentionPolicy: - description: persistentVolumeClaimRetentionPolicy describes - the lifecycle of persistent volume claims created - from volumeClaimTemplates. By default, all persistent - volume claims are created as needed and retained until - manually deleted. This policy allows the lifecycle - to be altered, for example by deleting persistent - volume claims when their stateful set is deleted, - or when their pod is scaled down. This requires the - StatefulSetAutoDeletePVC feature gate to be enabled, - which is alpha. - properties: - whenDeleted: - description: WhenDeleted specifies what happens - to PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is deleted. The default policy - of `Retain` causes PVCs to not be affected by - StatefulSet deletion. The `Delete` policy causes - those PVCs to be deleted. - type: string - whenScaled: - description: WhenScaled specifies what happens to - PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is scaled down. The default - policy of `Retain` causes PVCs to not be affected - by a scaledown. The `Delete` policy causes the - associated PVCs for any excess pods above the - replica count to be deleted. - type: string - type: object - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be failed. - The deployment controller will continue to process - failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. - Note that progress will not be estimated during the - time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: Replicas of Pods in this group. - format: int32 - minimum: 0 - type: integer - restartAt: - description: RestartAt is the time that the Pods under - the group should be restarted. Setting a value on - this field will trigger a full recreation of the Pods. - Defaults to nil. - format: date-time - type: string - template: - description: Template tells how the Pod should be started. - It is an optional field. If it's empty, then the pod - template in the first-level fields under spec will - be used. - properties: - metadata: - description: PartialObjectMeta tells the operator - to add the specified metadata onto the Pod. - properties: - annotations: - additionalProperties: - type: string - description: Annotations of the object. - type: object - labels: - additionalProperties: - type: string - description: Labels of the object. - type: object - type: object - spec: - description: RisingWaveNodePodTemplateSpec determines - the Pod spec to start the RisingWave pod. - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the - pod may be active on the node relative to - StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - format: int64 - type: integer - additionalContainers: - description: Additional containers to run in - the same Pod. The containers will be appended - to the Pod's containers array in order. - items: - description: A single application container - that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables - to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of - a ConfigMap. - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of - a secret in the pod's namespace - properties: - key: - description: The key of - the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). - Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents - a network port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for - the container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to the - container. - type: string - type: - description: Type is a SELinux - type label that applies to the - container. - type: string - user: - description: User is a SELinux - user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. - type: string - type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. - items: - description: volumeDevice describes - a mapping of a raw block device within - a container. - properties: - devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. - items: - description: VolumeMount describes a - mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. - type: string - required: - - name - type: object - type: array - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A - null preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. - properties: - nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be - automatically mounted. - type: boolean - dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - enum: - - ClusterFirst - - ClusterFirstWithHostNet - - Default - - None - type: string - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - hostAliases: - description: HostAliases is an optional list - of hosts and IPs that will be injected into - the pod's hosts file if specified. This is - only valid for non-hostNetwork pods. - items: - description: HostAlias holds the mapping between - IP and hostnames that will be injected as - an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP - address. - items: - type: string - type: array - ip: - description: IP address of the host file - entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostUsers: - description: 'Use the host''s user namespace. - Optional: Default to true. If set to true - or not present, the pod will be run in the - host user namespace, useful for when the pod - needs a feature only available to the host - user namespace, such as loading a kernel module - with CAP_SYS_MODULE. When set to false, a - new userns is created for the pod. Setting - false is useful for mitigating container breakout - vulnerabilities even allowing users to run - their containers as root without actually - having root privileges on the host. This field - is alpha-level and is only honored by servers - that enable the UserNamespacesSupport feature.' - type: boolean - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic - os: - description: "Specifies the OS of the containers - in the pod. Some pod and container fields - are restricted if this is set. \n If the OS - field is set to linux, the following fields - must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following - fields must be unset: - spec.hostPID - spec.hostIPC - - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - - spec.securityContext.sysctls - spec.shareProcessNamespace - - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - - spec.securityContext.supplementalGroups - - spec.containers[*].securityContext.seLinuxOptions - - spec.containers[*].securityContext.seccompProfile - - spec.containers[*].securityContext.capabilities - - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - - spec.containers[*].securityContext.runAsUser - - spec.containers[*].securityContext.runAsGroup" - properties: - name: - description: 'Name is the name of the operating - system. The currently supported values - are linux and windows. Additional value - may be defined in future and can be one - of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional - values and treat unrecognized values in - this field as os: null' - type: string - required: - - name - type: object - podSecurityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' - properties: - fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to - set - type: string - value: - description: Value of a property to - set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. One - of Never, PreemptLowerPriority. Defaults to - PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. - type: string - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will - be configured as the pod's FQDN, rather than - the leaf name (the default). In Linux containers, - this means setting the FQDN in the hostname - field of the kernel (the nodename field of - struct utsname). In Windows containers, this - means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this - has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' - type: boolean - terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew. - \n This is a beta field and requires - the MinDomainsInPodTopologySpread feature - gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: diskName is the Name - of the data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of - data disk in the blob storage - type: string - fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. - properties: - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: shareName is the azure - share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime - properties: - monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). - properties: - driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. - type: string - fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). \n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." - properties: - volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. - type: object - spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a - label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC - target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: driver is the name of - the driver to use for this volume. - type: string - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: - this field holds extra command options - if any.' - type: object - readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git - repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To - provision a container with a git repo, - mount an EmptyDir into an InitContainer - that clones the repo using git, then - mount the EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target - directory name. Must not contain - or start with '..'. If '.' is supplied, - the volume directory will be the - git repository. Otherwise, if specified, - the volume will contain the git - repository in the subdirectory with - the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit - hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' - properties: - path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication - type: boolean - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI - Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). - type: string - lun: - description: lun represents iSCSI - Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API - properties: - defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: sources is the list of - volume projections - items: - description: Projection that may - be projected along with other - supported volume types - properties: - clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." - properties: - labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path - from the volume root to - write the bundle. - type: string - signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information - about the configMap data to - project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify - whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project - properties: - items: - description: Items is a - list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select in - the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information - about the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field - specify whether the Secret - or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project - properties: - audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. - format: int64 - type: integer - path: - description: path is the - path relative to the mount - point of the file to project - the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. - type: boolean - registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: user to map volume access - to Defaults to serivceaccount user - type: string - volume: - description: volume is a string that - references an already created Quobyte - volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. - type: string - system: - description: system is the name of - the storage system as configured - in ScaleIO. - type: string - volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify - whether the Secret or its keys must - be defined - type: boolean - secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - upgradeStrategy: - description: 'Upgrade strategy for the components. By - default, it is the same as the workload''s default - strategy that the component is deployed with. Note: - the maxSurge will not take effect for the compute - component.' - properties: - inPlaceUpdateStrategy: - description: InPlaceUpdateStrategy contains strategies - for in-place update. - properties: - gracePeriodSeconds: - description: GracePeriodSeconds is the timespan - between set Pod status to not-ready and update - images in Pod spec when in-place update a - Pod. - format: int32 - type: integer - type: object - rollingUpdate: - description: Rolling update config params. Present - only if DeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - default: 0 - description: 'The maximum number of pods that - can be scheduled above the desired replicas - during update or specified delete. Value can - be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - up. Defaults to 0.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - default: 25% - description: 'The maximum number of pods that - can be unavailable during the update. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - down. Defaults to 25%.' - x-kubernetes-int-or-string: true - partition: - anyOf: - - type: integer - - type: string - default: 0 - description: 'Partition is the desired number - of pods in old revisions. Value can be an - absolute number (ex: 5) or a percentage of - desired pods (ex: 10%). Absolute number is - calculated from percentage by rounding up - by default. It means when partition is set - during pods updating, (replicas - partition - value) number of pods will be updated. Default - value is 0.' - x-kubernetes-int-or-string: true - type: object - type: - default: RollingUpdate - description: Type of upgrade. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - enum: - - Recreate - - RollingUpdate - - InPlaceIfPossible - - InPlaceOnly - type: string - type: object - volumeClaimTemplates: - description: volumeClaimTemplates is a list of claims - that pods are allowed to reference. The StatefulSet - controller is responsible for mapping network identities - to claims in a way that maintains the identity of - a pod. Every claim in this list must have at least - one matching (by name) volumeMount in one container - in the template. A claim in this list takes precedence - over any volumes in the template, with the same name. - items: - description: PersistentVolumeClaim used by RisingWave. - properties: - metadata: - description: PersistentVolumeClaimPartialObjectMeta - is the metadata for PVC templates. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - finalizers: - description: Must be empty before the object - is deleted from the registry. Each entry - is an identifier for the responsible component - that will remove the entry from the list. - If the deletionTimestamp of the object is - non-nil, entries in this list can only be - removed. Finalizers may be processed and - removed in any order. Order is NOT enforced - because it introduces significant risk of - stuck finalizers. finalizers is a shared - field, any actor with permission can reorder - it. If the finalizer list is processed in - order, then this can lead to a situation - in which the component responsible for the - first finalizer in the list is waiting for - a signal (field value, external system, - or other) produced by a component responsible - for a finalizer later in the list, resulting - in a deadlock. Without enforced ordering - finalizers are free to order amongst themselves - and are not vulnerable to ordering changes - in the list. - items: - type: string - type: array - labels: - additionalProperties: - type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object frontend: description: Frontend contains configuration of the frontend component. properties: @@ -42746,14 +35521,6 @@ spec: even if it's set to true, the controller will determine if it can create the resource by checking if the CRDs are installed. type: boolean - enableEmbeddedConnector: - default: false - description: Flag to control whether to use the embedded connector - (recommended). If embedded connector is enabled, the dedicated connectors - won't be deployed and used anymore and the corresponding fields - will be ignored. The dedicated connector will be deprecated soon - because of its error proneness. - type: boolean enableFullKubernetesAddr: default: false description: Flag to indicate if full kubernetes address should be @@ -43232,47 +35999,6 @@ spec: - running - target type: object - connector: - description: Running status of connector. - properties: - groups: - description: List of running status of each group. - items: - description: ComponentGroupReplicasStatus are the running - status of Pods in group. - properties: - exists: - description: Existence status of the group. - type: boolean - name: - description: Name of the group. - type: string - running: - description: Running replicas in the group. - format: int32 - type: integer - target: - description: Target replicas of the group. - format: int32 - type: integer - required: - - name - - running - - target - type: object - type: array - running: - description: Total running replicas of the component. - format: int32 - type: integer - target: - description: Total target replicas of the component. - format: int32 - type: integer - required: - - running - - target - type: object frontend: description: Running status of frontend. properties: @@ -43399,7 +36125,6 @@ spec: required: - compactor - compute - - connector - frontend - meta - standalone @@ -43626,7 +36351,6 @@ spec: - frontend - compute - compactor - - connector type: string name: description: Name of the RisingWave object. diff --git a/config/risingwave-operator.yaml b/config/risingwave-operator.yaml index 237caafd..5b1960ed 100644 --- a/config/risingwave-operator.yaml +++ b/config/risingwave-operator.yaml @@ -14544,7231 +14544,6 @@ spec: - name x-kubernetes-list-type: map type: object - connector: - description: Connector contains configuration of the connector - component. - properties: - disallowPrintStackTraces: - description: DisallowPrintStackTraces determines if the stack - traces are allowed to print when panic happens. This options - applies to both Rust and Java programs. Defaults to false. - type: boolean - logLevel: - default: INFO - description: LogLevel controls the log level of the running - nodes. It can be in any format that the underlying component - supports, e.g., in the RUST_LOG format for Rust programs. - Defaults to INFO. - type: string - nodeGroups: - description: NodeGroups of the component deployment. - items: - description: RisingWaveNodeGroup is the definition of a - group of RisingWave nodes of the same component. - properties: - configuration: - description: Configuration determines the configuration - to be used for the RisingWave nodes. - properties: - configMap: - description: ConfigMap where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the ConfigMap to - provide the configs RisingWave requests. It - will be mounted on the Pods directly. It the - ConfigMap isn't provided, the controller will - use empty value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the ConfigMap. Defaults to false. - type: boolean - type: object - secret: - description: Secret where the `risingwave.toml` - locates. - properties: - key: - default: risingwave.toml - description: Key to the configuration file. - Defaults to `risingwave.toml`. - type: string - name: - description: Name determines the Secret to provide - the configs RisingWave requests. It will be - mounted on the Pods directly. It the Secret - isn't provided, the controller will use empty - value as the configs. - type: string - optional: - description: Optional determines if the key - must exist in the Secret. Defaults to false. - type: boolean - type: object - type: object - minReadySeconds: - description: Minimum number of seconds for which a newly - created pod should be ready without any of its container - crashing for it to be considered available. Defaults - to 0 (pod will be considered available as soon as - it is ready) - format: int32 - type: integer - name: - default: "" - description: Name of the node group. - type: string - persistentVolumeClaimRetentionPolicy: - description: persistentVolumeClaimRetentionPolicy describes - the lifecycle of persistent volume claims created - from volumeClaimTemplates. By default, all persistent - volume claims are created as needed and retained until - manually deleted. This policy allows the lifecycle - to be altered, for example by deleting persistent - volume claims when their stateful set is deleted, - or when their pod is scaled down. This requires the - StatefulSetAutoDeletePVC feature gate to be enabled, - which is alpha. - properties: - whenDeleted: - description: WhenDeleted specifies what happens - to PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is deleted. The default policy - of `Retain` causes PVCs to not be affected by - StatefulSet deletion. The `Delete` policy causes - those PVCs to be deleted. - type: string - whenScaled: - description: WhenScaled specifies what happens to - PVCs created from StatefulSet VolumeClaimTemplates - when the StatefulSet is scaled down. The default - policy of `Retain` causes PVCs to not be affected - by a scaledown. The `Delete` policy causes the - associated PVCs for any excess pods above the - replica count to be deleted. - type: string - type: object - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be failed. - The deployment controller will continue to process - failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. - Note that progress will not be estimated during the - time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: Replicas of Pods in this group. - format: int32 - minimum: 0 - type: integer - restartAt: - description: RestartAt is the time that the Pods under - the group should be restarted. Setting a value on - this field will trigger a full recreation of the Pods. - Defaults to nil. - format: date-time - type: string - template: - description: Template tells how the Pod should be started. - It is an optional field. If it's empty, then the pod - template in the first-level fields under spec will - be used. - properties: - metadata: - description: PartialObjectMeta tells the operator - to add the specified metadata onto the Pod. - properties: - annotations: - additionalProperties: - type: string - description: Annotations of the object. - type: object - labels: - additionalProperties: - type: string - description: Labels of the object. - type: object - type: object - spec: - description: RisingWaveNodePodTemplateSpec determines - the Pod spec to start the RisingWave pod. - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the - pod may be active on the node relative to - StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - format: int64 - type: integer - additionalContainers: - description: Additional containers to run in - the same Pod. The containers will be appended - to the Pod's containers array in order. - items: - description: A single application container - that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. - The container image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be - resolved, the reference in the input - string will be unchanged. Double $$ - are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped - references will never be expanded, regardless - of whether the variable exists or not. - Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed - within a shell. The container image''s - ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are - expanded using the container''s environment. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables - to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previously defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. Double $$ are - reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce - the string literal "$(VAR_NAME)". - Escaped references will never - be expanded, regardless of whether - the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used - if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of - a ConfigMap. - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of - a secret in the pod's namespace - properties: - key: - description: The key of - the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when the - container is starting. When a key exists - in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be - updated. - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: 'Container image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default or - override container images in workload - controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of - Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to container - lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called - immediately after a container is - created. If the handler fails, the - container is terminated and restarted - according to its restart policy. - Other management of the container - blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately - before a container is terminated - due to an API request or management - event such as liveness/startup probe - failure, preemption, resource contention, - etc. The handler is not called if - the container crashes or exits. - The Pod''s termination grace period - countdown begins before the PreStop - hook is executed. Regardless of - the outcome of the handler, the - container will eventually terminate - within the Pod''s termination grace - period (unless delayed by finalizers). - Other management of the container - blocks until the hook completes - or until the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the - action to take. - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies - the http request to perform. - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access - on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents - the duration that the container - should sleep before being terminated. - properties: - seconds: - description: Seconds is the - number of seconds to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket - is NOT supported as a LifecycleHandler - and kept for the backward compatibility. - There are no validation of this - field and lifecycle hooks will - fail in runtime when tcp handler - is specified. - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified - as a DNS_LABEL. Each container in a - pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose from - the container. Not specifying a port - here DOES NOT prevent that port from - being exposed. Any port which is listening - on the default "0.0.0.0" address inside - a container will be accessible from - the network. Modifying this array with - strategic merge patch may corrupt the - data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. - items: - description: ContainerPort represents - a network port in a single container. - properties: - containerPort: - description: Number of port to expose - on the pod's IP address. This - must be a valid port number, 0 - < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to expose - on the host. If specified, this - must be a valid port number, 0 - < x < 65536. If HostNetwork is - specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this - must be an IANA_SVC_NAME and unique - within the pod. Each named port - in a pod must have a unique name. - Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will be - removed from service endpoints if the - probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resizePolicy: - description: Resources resize policy for - the container. - items: - description: ContainerResizePolicy represents - resource resize policy for the container. - properties: - resourceName: - description: 'Name of the resource - to which this resource resize - policy applies. Supported values: - cpu, memory.' - type: string - restartPolicy: - description: Restart policy to apply - when specified resource is resized. - If not specified, it defaults - to NotRequired. - type: string - required: - - resourceName - - restartPolicy - type: object - type: array - x-kubernetes-list-type: atomic - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names - of resources, defined in spec.resourceClaims, - that are used by this container. - \n This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match - the name of one entry in pod.spec.resourceClaims - of the Pod where this field - is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted - for a container, it defaults to - Limits if that is explicitly specified, - otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartPolicy: - description: 'RestartPolicy defines the - restart behavior of individual containers - in a pod. This field may only be set - for init containers, and the only allowed - value is "Always". For non-init containers - or when this field is not specified, - the restart behavior is defined by the - Pod''s restart policy and the container - type. Setting the RestartPolicy as "Always" - for the init container will have the - following effect: this init container - will be continually restarted on exit - until all regular containers have terminated. - Once all regular containers have completed, - all init containers with restartPolicy - "Always" will be shut down. This lifecycle - differs from normal init containers - and is often referred to as a "sidecar" - container. Although this init container - still starts in the init container sequence, - it does not wait for the container to - complete before proceeding to the next - init container. Instead, the next init - container starts immediately after this - init container is started, or after - any startupProbe has successfully completed.' - type: string - securityContext: - description: 'SecurityContext defines - the security options the container should - be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can gain - more privileges than its parent - process. This bool directly controls - if the no_new_privs flag will be - set on the container process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) has - CAP_SYS_ADMIN Note that this field - cannot be set when spec.os.name - is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults - to the default set of capabilities - granted by the container runtime. - Note that this field cannot be set - when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root - on the host. Defaults to false. - Note that this field cannot be set - when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for the - containers. The default is DefaultProcMount - which uses the container runtime - defaults for readonly paths and - masked paths. This requires the - ProcMountType feature flag to be - enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. Note that this - field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If - true, the Kubelet will validate - the image at runtime to ensure that - it does not run as UID 0 (root) - and fail to start the container - if it does. If unset or false, no - such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set - in PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to - be applied to the container. If - unspecified, the container runtime - will allocate a random SELinux context - for each container. May also be - set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this - field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to the - container. - type: string - type: - description: Type is a SELinux - type label that applies to the - container. - type: string - user: - description: User is a SELinux - user label that applies to the - container. - type: string - type: object - seccompProfile: - description: The seccomp options to - use by this container. If seccomp - options are provided at both the - pod & container level, the container - options override the pod options. - Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile - indicates a profile defined - in a file on the node should - be used. The profile must be - preconfigured on the node to - work. Must be a descending path, - relative to the kubelet's configured - seccomp profile location. Must - be set if type is "Localhost". - Must NOT be set for any other - type. - type: string - type: - description: "type indicates which - kind of seccomp profile will - be applied. Valid options are: - \n Localhost - a profile defined - in a file on the node should - be used. RuntimeDefault - the - container runtime default profile - should be used. Unconfined - - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be used. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - Note that this field cannot be set - when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run - as a 'Host Process' container. - All of a Pod's containers must - have the same effective HostProcess - value (it is not allowed to - have a mix of HostProcess containers - and non-HostProcess containers). - In addition, if HostProcess - is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the - container process. Defaults - to the user specified in image - metadata if unspecified. May - also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - startupProbe: - description: 'StartupProbe indicates that - the Pod has successfully initialized. - If specified, no other probes are executed - until this completes successfully. If - this probe fails, the Pod will be restarted, - just as if the livenessProbe failed. - This can be used to provide different - probe parameters at the beginning of - a Pod''s lifecycle, when it might take - a long time to load data or warm a cache, - than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action - to take. - properties: - command: - description: Command is the command - line to execute inside the container, - the working directory for the - command is root ('/') in the - container's filesystem. The - command is simply exec'd, it - is not run inside a shell, so - traditional shell instructions - ('|', etc) won't work. To use - a shell, you need to explicitly - call out to that shell. Exit - status of 0 is treated as live/healthy - and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures - for the probe to be considered failed - after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action - involving a GRPC port. - properties: - port: - description: Port number of the - gRPC service. Number must be - in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name - of the service to place in the - gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, - the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the - http request to perform. - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to - set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - properties: - name: - description: The header - field name. This will - be canonicalized upon - output, so case-variant - names will be understood - as the same header. - type: string - value: - description: The header - field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on - the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after - the container has started before - liveness probes are initiated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) - to perform the probe. Default to - 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes - for the probe to be considered successful - after having failed. Defaults to - 1. Must be 1 for liveness and startup. - Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an - action involving a TCP port. - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the - pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of - the port to access on the container. - Number must be in the range - 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in - seconds the pod needs to terminate - gracefully upon probe failure. The - grace period is the duration in - seconds after the processes running - in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill - signal. Set this value longer than - the expected cleanup time for your - process. If this value is nil, the - pod's terminationGracePeriodSeconds - will be used. Otherwise, this value - overrides the value provided by - the pod spec. Value must be non-negative - integer. The value zero indicates - stop immediately via the kill signal - (no opportunity to shut down). This - is a beta field and requires enabling - ProbeTerminationGracePeriod feature - gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after - which the probe times out. Defaults - to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - stdin: - description: Whether this container should - allocate a buffer for stdin in the container - runtime. If this is not set, reads from - stdin in the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and remains - closed until the container is restarted. - If this flag is false, a container processes - that reads from stdin will never receive - an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s termination - message will be written is mounted into - the container''s filesystem. Message - written is intended to be brief final - status, such as an assertion failure - message. Will be truncated by the node - if greater than 4096 bytes. The total - message length across all containers - will be limited to 12kb. Defaults to - /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File will - use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container should - allocate a TTY for itself, also requires - 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the container. - items: - description: volumeDevice describes - a mapping of a raw block device within - a container. - properties: - devicePath: - description: devicePath is the path - inside of the container that the - device will be mapped to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot be - updated. - items: - description: VolumeMount describes a - mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from - the host to container and the - other way around. When not set, - MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only if - true, read-write otherwise (false - or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults to - "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" (volume's - root). SubPathExpr and SubPath - are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might be - configured in the container image. Cannot - be updated. - type: string - required: - - name - type: object - type: array - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; the - node(s) with the highest sum are the - most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A - null preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to an update), the system may or may - not try to eventually evict the pod - from its node. - properties: - nodeSelectorTerms: - description: Required. A list of - node selector terms. The terms - are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are - ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by - node's labels. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by - node's fields. - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator is - In or NotIn, the values - array must be non-empty. - If the operator is - Exists or DoesNotExist, - the values array must - be empty. If the operator - is Gt or Lt, the values - array must have a - single element, which - will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - affinity requirements specified by - this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting this - pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a - node that violates one or more of - the expressions. The node that is - most preferred is the one with the - greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node has - pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of - the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. If it's - null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods - which pods will be taken - into consideration for the - incoming pod's pod (anti) - affinity. Keys that don't - exist in the incoming pod - labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, - MatchLabelKeys cannot be - set when LabelSelector isn't - set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys - to select which pods will - be taken into consideration. - The keys are used to lookup - values from the incoming - pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to - select the group of existing - pods which pods will be - taken into consideration - for the incoming pod's pod - (anti) affinity. Keys that - don't exist in the incoming - pod labels will be ignored. - The default value is empty. - The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, - MismatchLabelKeys cannot - be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the - anti-affinity requirements specified - by this field cease to be met at some - point during pod execution (e.g. due - to a pod label update), the system - may or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. If it's null, this - PodAffinityTerm matches with - no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is - a set of pod label keys to select - which pods will be taken into - consideration. The keys are - used to lookup values from the - incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select - the group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys - is a set of pod label keys to - select which pods will be taken - into consideration. The keys - are used to lookup values from - the incoming pod labels, those - key-value labels are merged - with `LabelSelector` as `key - notin (value)` to select the - group of existing pods which - pods will be taken into consideration - for the incoming pod's pod (anti) - affinity. Keys that don't exist - in the incoming pod labels will - be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha - field and requires enabling - MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is - applied to the union of the - namespaces selected by this - field and the ones listed in - the namespaces field. null selector - and null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union - of the namespaces listed in - this field and the ones selected - by namespaceSelector. null or - empty namespaces list and null - namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not - co-located (anti-affinity) with - the pods matching the labelSelector - in the specified namespaces, - where co-located is defined - as running on a node whose value - of the label with key topologyKey - matches that of any node on - which any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be - automatically mounted. - type: boolean - dnsConfig: - description: Specifies the DNS parameters of - a pod. Parameters specified here will be merged - to the generated DNS configuration based on - DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP - addresses. This will be appended to the - base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated entries - will be removed. Resolution options given - in Options will override those that appear - in the base DNSPolicy. - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the - policy selected with DNSPolicy. To have DNS - options set along with hostNetwork, you have - to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - enum: - - ClusterFirst - - ClusterFirstWithHostNet - - Default - - None - type: string - env: - description: List of environment variables to - set in the container. Cannot be updated. - items: - description: EnvVar represents an environment - variable present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined - environment variables in the container - and any service environment variables. - If a variable cannot be resolved, the - reference in the input string will be - unchanged. Double $$ are reduced to - a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, - regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be used if - value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the - pod: supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret - in the pod's namespace - properties: - key: - description: The key of the secret - to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined - within a source must be a C_IDENTIFIER. All - invalid keys will be reported as an event - when the container is starting. When a key - exists in multiple sources, the value associated - with the last source will take precedence. - Values defined by an Env with a duplicate - key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the - source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to - prepend to each key in the ConfigMap. - Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - hostAliases: - description: HostAliases is an optional list - of hosts and IPs that will be injected into - the pod's hosts file if specified. This is - only valid for non-hostNetwork pods. - items: - description: HostAlias holds the mapping between - IP and hostnames that will be injected as - an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP - address. - items: - type: string - type: array - ip: - description: IP address of the host file - entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostUsers: - description: 'Use the host''s user namespace. - Optional: Default to true. If set to true - or not present, the pod will be run in the - host user namespace, useful for when the pod - needs a feature only available to the host - user namespace, such as loading a kernel module - with CAP_SYS_MODULE. When set to false, a - new userns is created for the pod. Setting - false is useful for mitigating container breakout - vulnerabilities even allowing users to run - their containers as root without actually - having root privileges on the host. This field - is alpha-level and is only honored by servers - that enable the UserNamespacesSupport feature.' - type: boolean - image: - description: 'Container image name. More info: - https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level - config management to default or override container - images in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, - Never, IfNotPresent. Defaults to Always if - :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the images - used by this PodSpec. If specified, these - secrets will be passed to individual puller - implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - x-kubernetes-map-type: atomic - os: - description: "Specifies the OS of the containers - in the pod. Some pod and container fields - are restricted if this is set. \n If the OS - field is set to linux, the following fields - must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following - fields must be unset: - spec.hostPID - spec.hostIPC - - spec.hostUsers - spec.securityContext.seLinuxOptions - - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - - spec.securityContext.fsGroupChangePolicy - - spec.securityContext.sysctls - spec.shareProcessNamespace - - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - - spec.securityContext.supplementalGroups - - spec.containers[*].securityContext.seLinuxOptions - - spec.containers[*].securityContext.seccompProfile - - spec.containers[*].securityContext.capabilities - - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - - spec.containers[*].securityContext.runAsUser - - spec.containers[*].securityContext.runAsGroup" - properties: - name: - description: 'Name is the name of the operating - system. The currently supported values - are linux and windows. Additional value - may be defined in future and can be one - of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional - values and treat unrecognized values in - this field as os: null' - type: string - required: - - name - type: object - podSecurityContext: - description: 'SecurityContext holds pod-level - security attributes and common container settings. - Optional: Defaults to empty. See type description - for default values of each field.' - properties: - fsGroup: - description: "A special supplemental group - that applies to all containers in a pod. - Some volume types allow the Kubelet to - change the ownership of that volume to - be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership - and permissions of any volume. Note that - this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and permission - of the volume before being exposed inside - Pod. This field will only apply to volume - types which support fsGroup based ownership(and - permissions). It will have no effect on - ephemeral volume types such as: secret, - configmaps and emptydir. Valid values - are "OnRootMismatch" and "Always". If - not specified, "Always" is used. Note - that this field cannot be set when spec.os.name - is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to all containers. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. Note - that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by the containers in this pod. Note that - this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to - the first process run in each container, - in addition to the container's primary - GID, the fsGroup (if specified), and group - memberships defined in the container image - for the uid of the container process. - If unspecified, no additional groups are - added to any container. Note that group - memberships defined in the container image - for the uid of the container process are - still effective, even if they are not - included in this list. Note that this - field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might - fail to launch. Note that this field cannot - be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to - set - type: string - value: - description: Value of a property to - set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. One - of Never, PreemptLowerPriority. Defaults to - PreemptLowerPriority if unset. - type: string - priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the - highest priorities with the former being the - highest priority. Any other name must be defined - by creating a PriorityClass object with that - name. If not specified, the pod priority will - be default or zero if there is no default. - type: string - resources: - description: 'Compute Resources required by - this container. Cannot be updated. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n This - is an alpha field and requires enabling - the DynamicResourceAllocation feature - gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should - be used to run this pod. If no RuntimeClass - resource matches the named class, the pod - will not be run. If unset or empty, the "legacy" - RuntimeClass will be used, which is an implicit - class with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, - the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext defines the security - options the container should be run with. - If set, the fields of SecurityContext override - the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges - than its parent process. This bool directly - controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when - spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop - when running containers. Defaults to the - default set of capabilities granted by - the container runtime. Note that this - field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent - POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged - mode. Processes in privileged containers - are essentially equivalent to root on - the host. Defaults to false. Note that - this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type - of proc mount to use for the containers. - The default is DefaultProcMount which - uses the container runtime defaults for - readonly paths and masked paths. This - requires the ProcMountType feature flag - to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has - a read-only root filesystem. Default is - false. Note that this field cannot be - set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image at - runtime to ensure that it does not run - as UID 0 (root) and fail to start the - container if it does. If unset or false, - no such validation will be performed. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied - to the container. If unspecified, the - container runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use - by this container. If seccomp options - are provided at both the pod & container - level, the container options override - the pod options. Note that this field - cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates - a profile defined in a file on the - node should be used. The profile must - be preconfigured on the node to work. - Must be a descending path, relative - to the kubelet's configured seccomp - profile location. Must be set if type - is "Localhost". Must NOT be set for - any other type. - type: string - type: - description: "type indicates which kind - of seccomp profile will be applied. - Valid options are: \n Localhost - - a profile defined in a file on the - node should be used. RuntimeDefault - - the container runtime default profile - should be used. Unconfined - no profile - should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options from the PodSecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where - the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - hostProcess: - description: HostProcess determines - if a container should be run as a - 'Host Process' container. All of a - Pod's containers must have the same - effective HostProcess value (it is - not allowed to have a mix of HostProcess - containers and non-HostProcess containers). - In addition, if HostProcess is true - then HostNetwork must also be set - to true. - type: boolean - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this pod. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will - be configured as the pod's FQDN, rather than - the leaf name (the default). In Linux containers, - this means setting the FQDN in the hostname - field of the kernel (the nodename field of - struct utsname). In Windows containers, this - means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this - has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. When - this is set containers will be able to view - and signal processes from other containers - in the same pod, and the first process in - each container will not be assigned PID 1. - HostPID and ShareProcessNamespace cannot both - be set. Optional: Default to false.' - type: boolean - terminationGracePeriodSeconds: - description: Optional duration in seconds the - pod needs to terminate gracefully. May be - decreased in delete request. Value must be - non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). If this value is nil, the default - grace period will be used instead. The grace - period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are - forcibly halted with a kill signal. Set this - value longer than the expected cleanup time - for your process. Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the - triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for - value, so that a pod can tolerate all - taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the - taint. By default, it is not set, which - means tolerate the taint forever (do - not evict). Zero and negative values - will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - All topologySpreadConstraints are ANDed. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given - topology. - properties: - labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to determine - the number of pods in their corresponding - topology domain. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set - of pod label keys to select the pods - over which spreading will be calculated. - The keys are used to lookup values from - the incoming pod labels, those key-value - labels are ANDed with labelSelector - to select the group of existing pods - over which spreading will be calculated - for the incoming pod. The same key is - forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. - Keys that don't exist in the incoming - pod labels will be ignored. A null or - empty list means only match against - labelSelector. \n This is a beta field - and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled - by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree - to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference - between the number of matching pods - in the target topology and the global - minimum. The global minimum is the minimum - number of matching pods in an eligible - domain or zero if the number of eligible - domains is less than MinDomains. For - example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same - labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence - to topologies that satisfy it. It''s - a required field. Default value is 1 - and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum - number of eligible domains. When the - number of eligible domains with matching - topology keys is less than minDomains, - Pod Topology Spread treats \"global - minimum\" as 0, and then the calculation - of Skew is performed. And when the number - of eligible domains with matching topology - keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible - domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods - to those domains. If value is nil, the - constraint behaves as if MinDomains - is equal to 1. Valid values are integers - greater than 0. When value is not nil, - WhenUnsatisfiable must be DoNotSchedule. - \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set - to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 - | | P P | P P | P P | The number - of domains is less than 5(MinDomains), - so \"global minimum\" is treated as - 0. In this situation, new pod with the - same labelSelector cannot be scheduled, - because computed skew will be 3(3 - - 0) if new Pod is scheduled to any of - the three zones, it will violate MaxSkew. - \n This is a beta field and requires - the MinDomainsInPodTopologySpread feature - gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates - how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread - skew. Options are: - Honor: only nodes - matching nodeAffinity/nodeSelector are - included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. - All nodes are included in the calculations. - \n If this value is nil, the behavior - is equivalent to the Honor policy. This - is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates - how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along - with tainted nodes for which the incoming - pod has a toleration, are included. - - Ignore: node taints are ignored. All - nodes are included. \n If this value - is nil, the behavior is equivalent to - the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of - node labels. Nodes that have a label - with this key and identical values are - considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods - into each bucket. We define a domain - as a particular instance of a topology. - Also, we define an eligible domain as - a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells - the scheduler to schedule the pod in - any location, but giving higher precedence - to topologies that would help reduce - the skew. A constraint is considered - "Unsatisfiable" for an incoming pod - if and only if every possible node assignment - for that pod would violate "MaxSkew" - on some topology. For example, in a - 3-zone cluster, MaxSkew is set to 1, - and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 - | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod - can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a required - field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumeDevices: - description: volumeDevices is the list of block - devices to be used by the container. - items: - description: volumeDevice describes a mapping - of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside - of the container that the device will - be mapped to. - type: string - name: - description: name must match the name - of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's - filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting - of a Volume within a container. - properties: - mountPath: - description: Path within the container - at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines - how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is - used. This field is beta in 1.10. - type: string - name: - description: This must match the Name - of a Volume. - type: string - readOnly: - description: Mounted read-only if true, - read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: Path within the volume from - which the container's volume should - be mounted. Defaults to "" (volume's - root). - type: string - subPathExpr: - description: Expanded path within the - volume from which the container's volume - should be mounted. Behaves similarly - to SubPath but environment variable - references $(VAR_NAME) are expanded - using the container's environment. Defaults - to "" (volume's root). SubPathExpr and - SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: 'List of volumes that can be mounted - by containers belonging to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true - will force the readOnly setting - in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID - of the persistent disk resource - in AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure - Data Disk mount on the host and bind - mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host - Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: diskName is the Name - of the data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of - data disk in the blob storage - type: string - fsType: - description: fsType is Filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values - are Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in - managed availability set). defaults - to shared' - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure - File Service mount on the host and bind - mount to the pod. - properties: - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: secretName is the name - of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: shareName is the azure - share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph - FS mount on the host that shares a pod's - lifetime - properties: - monitors: - description: 'monitors is Required: - Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used - as the mounted root, rather than - the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: - SecretFile is the path to key ring - for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: - SecretRef is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User - is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: - points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the key - and content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the ConfigMap, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether - the ConfigMap or its keys must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is - handled by certain external CSI drivers - (Beta feature). - properties: - driver: - description: driver is the name of - the CSI driver that handles this - volume. Consult with your admin - for the correct name as registered - in the cluster. - type: string - fsType: - description: fsType to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the - associated CSI driver which will - determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and NodeUnpublishVolume - calls. This field is optional, and may - be empty if no secret is required. - If the secret object contains more - than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a - read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores - driver-specific properties that - are passed to the CSI driver. Consult - your driver's documentation for - supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate - this volume - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a Optional: mode bits used - to set permissions on created files - by default. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode - bits used to set permissions - on this file, must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or contain - the ''..'' path. Must be utf-8 - encoded. The first item of - the relative path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are currently - supported.' - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the - output format of the exposed - resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what - type of storage medium should back - this directory. The default is "" - which means to use the node''s default - medium. Must be an empty string - (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total - amount of local storage required - for this EmptyDir volume. The size - limit is also applicable for memory - medium. The maximum usage on memory - medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage - driver. The volume's lifecycle is tied - to the pod that defines it - it will - be created before the pod starts, and - deleted when the pod is removed. \n - Use this if: a) the volume is only needed - while the pod runs, b) features of normal - volumes like restoring from snapshot - or capacity tracking are needed, c) - the storage driver is specified through - a storage class, and d) the storage - driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see - EphemeralVolumeSource for more information - on the connection between this volume - type and PersistentVolumeClaim). \n - Use PersistentVolumeClaim or one of - the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for - light-weight local ephemeral volumes - if the CSI driver is meant to be used - that way - see the documentation of - the driver for more information. \n - A pod can use both types of ephemeral - volumes and persistent volumes at the - same time." - properties: - volumeClaimTemplate: - description: "Will be used to create - a stand-alone PVC to provision the - volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of - the PVC, i.e. the PVC will be deleted - together with the pod. The name - of the PVC will be `-` where `` is - the name from the `PodSpec.Volumes` - array entry. Pod validation will - reject the pod if the concatenated - name is not valid for a PVC (for - example, too long). \n An existing - PVC with that name that is not owned - by the pod will *not* be used for - the pod to avoid using an unrelated - volume by mistake. Starting the - pod is then blocked until the unrelated - PVC is removed. If such a pre-created - PVC is meant to be used by the pod, - the PVC has to updated with an owner - reference to the pod once the pod - exists. Normally this should not - be necessary, but it may be useful - when manually reconstructing a broken - cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels - and annotations that will be - copied into the PVC when creating - it. No other fields are allowed - and will be rejected during - validation. - type: object - spec: - description: The specification - for the PersistentVolumeClaim. - The entire content is copied - unchanged into the PVC that - gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes - contains the desired access - modes the volume should - have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field - can be used to specify either: - * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an - external controller can - support the specified data - source, it will create a - new volume based on the - contents of the specified - data source. When the AnyVolumeDataSource - feature gate is enabled, - dataSource contents will - be copied to dataSourceRef, - and dataSourceRef contents - will be copied to dataSource - when dataSourceRef.namespace - is not specified. If the - namespace is specified, - then dataSourceRef will - not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef - specifies the object from - which to populate the volume - with data, if a non-empty - volume is desired. This - may be any object from a - non-empty API group (non - core object) or a PersistentVolumeClaim - object. When this field - is specified, volume binding - will only succeed if the - type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace - the functionality of the - dataSource field and as - such if both fields are - non-empty, they must have - the same value. For backwards - compatibility, when namespace - isn''t specified in dataSourceRef, - both fields (dataSource - and dataSourceRef) will - be set to the same value - automatically if one of - them is empty and the other - is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to - the same value and must - be empty. There are three - important differences between - dataSource and dataSourceRef: - * While dataSource only - allows two specific types - of objects, dataSourceRef - allows any non-core object, - as well as PersistentVolumeClaim - objects. * While dataSource - ignores disallowed values - (dropping them), dataSourceRef - preserves all values, and - generates an error if a - disallowed value is specified. - * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field - requires the AnyVolumeDataSource - feature gate to be enabled. - (Alpha) Using the namespace - field of dataSourceRef requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - namespace: - description: Namespace - is the namespace of - resource being referenced - Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in - the referent namespace - to allow that namespace's - owner to accept the - reference. See the ReferenceGrant - documentation for details. - (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the - volume should have. If RecoverVolumeExpansionFailure - feature is enabled users - are allowed to specify resource - requirements that are lower - than previous value but - must still be higher than - capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of - compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests - describes the minimum - amount of compute resources - required. If Requests - is omitted for a container, - it defaults to Limits - if that is explicitly - specified, otherwise - to an implementation-defined - value. Requests cannot - exceed Limits. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a - label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName - is the name of the StorageClass - required by the claim. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create - or update the volume with - the attributes defined in - the corresponding VolumeAttributesClass. - This has a different purpose - than storageClassName, it - can be changed after the - claim is created. An empty - string value means that - no VolumeAttributesClass - will be applied to the claim - but it''s not allowed to - reset this field to empty - string once it is set. If - unspecified and the PersistentVolumeClaim - is unbound, the default - VolumeAttributesClass will - be set by the persistentvolume - controller if it exists. - If the resource referred - to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending - state, as reflected by the - modifyVolumeStatus field, - until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field - requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is - the binding reference to - the PersistentVolume backing - this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC - target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: - Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: - FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs - and lun must be set, but not both - simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: driver is the name of - the driver to use for this volume. - type: string - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on - FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: - this field holds extra command options - if any.' - type: object - readOnly: - description: 'readOnly is Optional: - defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: - secretRef is reference to the secret - object containing sensitive information - to pass to the plugin scripts. This - may be empty if no secret object - is specified. If the secret object - contains more than one secret, all - secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: datasetName is Name of - the dataset stored as metadata -> - name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID - of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount - by volume name. Examples: For volume - /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can - leave the property empty). More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name - of the PD resource in GCE. Used - to identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git - repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To - provision a container with a git repo, - mount an EmptyDir into an InitContainer - that clones the repo using git, then - mount the EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target - directory name. Must not contain - or start with '..'. If '.' is supplied, - the volume directory will be the - git repository. Otherwise, if specified, - the volume will contain the git - repository in the subdirectory with - the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit - hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s - lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force - the Glusterfs volume to be mounted - with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine - that is directly exposed to the container. - This is generally used for system agents - or other privileged things that are - allowed to see the host machine. Most - containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts and - who can/can not mount host directories - as read/write.' - properties: - path: - description: 'path of the directory - on the host. If the path is a symlink, - it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume - Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI - Disk resource that is attached to a - kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines - whether support iSCSI Discovery - CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines - whether support iSCSI Session CHAP - authentication - type: boolean - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - initiatorName: - description: initiatorName is the - custom iSCSI Initiator Name. If - initiatorName is specified with - iscsiInterface simultaneously, new - iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI - Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the - interface Name that uses an iSCSI - transport. Defaults to 'default' - (tcp). - type: string - lun: - description: lun represents iSCSI - Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI - Target Portal List. The portal is - either an IP or ip_addr:port if - the port is other than default (typically - TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP - Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI - Target Portal. The Portal is either - an IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must - be a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount - on the host that shares a pod''s lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported - by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force - the NFS export to be mounted with - read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name - of a PersistentVolumeClaim in the - same namespace as the pod using - this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the - ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fSType represents the - filesystem type to mount Must be - a filesystem type supported by the - host operating system. Ex. "ext4", - "xfs". Implicitly inferred to be - "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in - one resources secrets, configmaps, and - downward API - properties: - defaultMode: - description: defaultMode are the mode - bits used to set permissions on - created files by default. Must be - an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected - by this setting. This might be in - conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode - bits set. - format: int32 - type: integer - sources: - description: sources is the list of - volume projections - items: - description: Projection that may - be projected along with other - supported volume types - properties: - clusterTrustBundle: - description: "ClusterTrustBundle - allows a pod to access the - `.spec.trustBundle` field - of ClusterTrustBundle objects - in an auto-updating file. - \n Alpha, gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected - by name, or by the combination - of signer name and a label - selector. \n Kubelet performs - aggressive normalization of - the PEM contents written into - the pod filesystem. Esoteric - PEM features such as inter-block - comments and block headers - are stripped. Certificates - are deduplicated. The ordering - of certificates within the - file is arbitrary, and Kubelet - may change the order over - time." - properties: - labelSelector: - description: Select all - ClusterTrustBundles that - match this label selector. Only - has effect if signerName - is set. Mutually-exclusive - with name. If unset, - interpreted as "match - nothing". If set but - empty, interpreted as - "match everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single - ClusterTrustBundle by - object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: If true, don't - block pod startup if the - referenced ClusterTrustBundle(s) - aren't available. If - using name, then the named - ClusterTrustBundle is - allowed not to exist. If - using signerName, then - the combination of signerName - and labelSelector is allowed - to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path - from the volume root to - write the bundle. - type: string - signerName: - description: Select all - ClusterTrustBundles that - match this signer name. - Mutually-exclusive with - name. The contents of - all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information - about the configMap data to - project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced ConfigMap will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain the - '..' path or start with - '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify - whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data - to project - properties: - items: - description: Items is a - list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile - represents information - to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written in - terms of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select in - the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to - set permissions - on this file, must - be an octal value - between 0000 and - 0777 or a decimal - value between 0 - and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the ''..'' - path. Must be utf-8 - encoded. The first - item of the relative - path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of the - container: only - resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed - resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information - about the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in - the Data field of the - referenced Secret will - be projected into the - volume as a file whose - name is the key and content - is the value. If specified, - the listed keys will be - projected into the specified - paths, and unlisted keys - will not be present. If - a key is specified which - is not present in the - Secret, the volume setup - will error unless it is - marked optional. Paths - must be relative and may - not contain the '..' path - or start with '..'. - items: - description: Maps a string - key to a path within - a volume. - properties: - key: - description: key is - the key to project. - type: string - mode: - description: 'mode - is Optional: mode - bits used to set - permissions on this - file. Must be an - octal value between - 0000 and 0777 or - a decimal value - between 0 and 511. - YAML accepts both - octal and decimal - values, JSON requires - decimal values for - mode bits. If not - specified, the volume - defaultMode will - be used. This might - be in conflict with - other options that - affect the file - mode, like fsGroup, - and the result can - be other mode bits - set.' - format: int32 - type: integer - path: - description: path - is the relative - path of the file - to map the key to. - May not be an absolute - path. May not contain - the path element - '..'. May not start - with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field - specify whether the Secret - or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken - is information about the serviceAccountToken - data to project - properties: - audience: - description: audience is - the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of the - apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account token. - The kubelet will start - trying to rotate the token - if the token is older - than 80 percent of its - time to live or if the - token is older than 24 - hours.Defaults to 1 hour - and must be at least 10 - minutes. - format: int64 - type: integer - path: - description: path is the - path relative to the mount - point of the file to project - the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force - the Quobyte volume to be mounted - with read-only permissions. Defaults - to false. - type: boolean - registry: - description: registry represents a - single or multiple Quobyte Registry - services specified as a string as - host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given - Quobyte volume in the Backend Used - with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: user to map volume access - to Defaults to serivceaccount user - type: string - volume: - description: volume is a string that - references an already created Quobyte - volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block - Device mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem - type of the volume that you want - to mount. Tip: Ensure that the filesystem - type is supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in - the filesystem from compromising - the machine' - type: string - image: - description: 'image is the rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection - of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool - name. Default is rbd. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force - the ReadOnly setting in VolumeMounts. - Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of - the authentication secret for RBDUser. - If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user - name. Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the - name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: readOnly Defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef references - to the secret for ScaleIO user and - other sensitive information. If - this is not provided, Login operation - will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: storageMode indicates - whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the - protection domain. - type: string - system: - description: system is the name of - the storage system as configured - in ScaleIO. - type: string - volumeName: - description: volumeName is the name - of a volume already created in the - ScaleIO system that is associated - with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret - that should populate this volume. More - info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: - mode bits used to set permissions - on created files by default. Must - be an octal value between 0000 and - 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. Defaults - to 0644. Directories within the - path are not affected by this setting. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, - each key-value pair in the Data - field of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and unlisted - keys will not be present. If a key - is specified which is not present - in the Secret, the volume setup - will error unless it is marked optional. - Paths must be relative and may not - contain the '..' path or start with - '..'. - items: - description: Maps a string key to - a path within a volume. - properties: - key: - description: key is the key - to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set permissions - on this file. Must be an octal - value between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts both - octal and decimal values, - JSON requires decimal values - for mode bits. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the - key to. May not be an absolute - path. May not contain the - path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify - whether the Secret or its keys must - be defined - type: boolean - secretName: - description: 'secretName is the name - of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to - false (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the - secret to use for obtaining the - StorageOS API credentials. If not - specified, default values will be - attempted. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies - the scope of the volume within StorageOS. If - no namespace is specified then the - Pod's namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if you - are not using namespaces within - StorageOS. Namespaces that do not - pre-exist within StorageOS will - be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - properties: - fsType: - description: fsType is filesystem - type to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the - storage Policy Based Management - (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is - the storage Policy Based Management - (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path - that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - upgradeStrategy: - description: 'Upgrade strategy for the components. By - default, it is the same as the workload''s default - strategy that the component is deployed with. Note: - the maxSurge will not take effect for the compute - component.' - properties: - inPlaceUpdateStrategy: - description: InPlaceUpdateStrategy contains strategies - for in-place update. - properties: - gracePeriodSeconds: - description: GracePeriodSeconds is the timespan - between set Pod status to not-ready and update - images in Pod spec when in-place update a - Pod. - format: int32 - type: integer - type: object - rollingUpdate: - description: Rolling update config params. Present - only if DeploymentStrategyType = RollingUpdate. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - default: 0 - description: 'The maximum number of pods that - can be scheduled above the desired replicas - during update or specified delete. Value can - be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - up. Defaults to 0.' - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - default: 25% - description: 'The maximum number of pods that - can be unavailable during the update. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - down. Defaults to 25%.' - x-kubernetes-int-or-string: true - partition: - anyOf: - - type: integer - - type: string - default: 0 - description: 'Partition is the desired number - of pods in old revisions. Value can be an - absolute number (ex: 5) or a percentage of - desired pods (ex: 10%). Absolute number is - calculated from percentage by rounding up - by default. It means when partition is set - during pods updating, (replicas - partition - value) number of pods will be updated. Default - value is 0.' - x-kubernetes-int-or-string: true - type: object - type: - default: RollingUpdate - description: Type of upgrade. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - enum: - - Recreate - - RollingUpdate - - InPlaceIfPossible - - InPlaceOnly - type: string - type: object - volumeClaimTemplates: - description: volumeClaimTemplates is a list of claims - that pods are allowed to reference. The StatefulSet - controller is responsible for mapping network identities - to claims in a way that maintains the identity of - a pod. Every claim in this list must have at least - one matching (by name) volumeMount in one container - in the template. A claim in this list takes precedence - over any volumes in the template, with the same name. - items: - description: PersistentVolumeClaim used by RisingWave. - properties: - metadata: - description: PersistentVolumeClaimPartialObjectMeta - is the metadata for PVC templates. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - finalizers: - description: Must be empty before the object - is deleted from the registry. Each entry - is an identifier for the responsible component - that will remove the entry from the list. - If the deletionTimestamp of the object is - non-nil, entries in this list can only be - removed. Finalizers may be processed and - removed in any order. Order is NOT enforced - because it introduces significant risk of - stuck finalizers. finalizers is a shared - field, any actor with permission can reorder - it. If the finalizer list is processed in - order, then this can lead to a situation - in which the component responsible for the - first finalizer in the list is waiting for - a signal (field value, external system, - or other) produced by a component responsible - for a finalizer later in the list, resulting - in a deadlock. Without enforced ordering - finalizers are free to order amongst themselves - and are not vulnerable to ordering changes - in the list. - items: - type: string - type: array - labels: - additionalProperties: - type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a - namespace. Is required when creating resources, - although some resources may allow a client - to request the generation of an appropriate - name automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - type: object - spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass - used by this claim. If specified, the CSI - driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can be - changed after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set to - a Pending state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object frontend: description: Frontend contains configuration of the frontend component. properties: @@ -42746,14 +35521,6 @@ spec: even if it's set to true, the controller will determine if it can create the resource by checking if the CRDs are installed. type: boolean - enableEmbeddedConnector: - default: false - description: Flag to control whether to use the embedded connector - (recommended). If embedded connector is enabled, the dedicated connectors - won't be deployed and used anymore and the corresponding fields - will be ignored. The dedicated connector will be deprecated soon - because of its error proneness. - type: boolean enableFullKubernetesAddr: default: false description: Flag to indicate if full kubernetes address should be @@ -43232,47 +35999,6 @@ spec: - running - target type: object - connector: - description: Running status of connector. - properties: - groups: - description: List of running status of each group. - items: - description: ComponentGroupReplicasStatus are the running - status of Pods in group. - properties: - exists: - description: Existence status of the group. - type: boolean - name: - description: Name of the group. - type: string - running: - description: Running replicas in the group. - format: int32 - type: integer - target: - description: Target replicas of the group. - format: int32 - type: integer - required: - - name - - running - - target - type: object - type: array - running: - description: Total running replicas of the component. - format: int32 - type: integer - target: - description: Total target replicas of the component. - format: int32 - type: integer - required: - - running - - target - type: object frontend: description: Running status of frontend. properties: @@ -43399,7 +36125,6 @@ spec: required: - compactor - compute - - connector - frontend - meta - standalone @@ -43626,7 +36351,6 @@ spec: - frontend - compute - compactor - - connector type: string name: description: Name of the RisingWave object. diff --git a/docs/general/api.md b/docs/general/api.md index e8b289f0..d1b7f7f5 100644 --- a/docs/general/api.md +++ b/docs/general/api.md @@ -605,20 +605,6 @@ spec.components will be ignored. Standalone mode can be turned on/off dynamicall -enableEmbeddedConnector
- -bool - - - -(Optional) -

Flag to control whether to use the embedded connector (recommended). If embedded connector is enabled, -the dedicated connectors won’t be deployed and used anymore and the corresponding fields will be ignored. -The dedicated connector will be deprecated soon because of its error proneness.

- - - - image
string @@ -976,19 +962,6 @@ ComponentReplicasStatus -connector
- - -ComponentReplicasStatus - - - - -

Running status of connector.

- - - - standalone
@@ -1083,19 +1056,6 @@ RisingWaveComponent

Compactor contains configuration of the compactor component.

- - -connector
- - -RisingWaveComponent - - - - -

Connector contains configuration of the connector component.

- -

RisingWaveCondition @@ -1420,18 +1380,6 @@ int32

Replicas of compactor component. Replicas specified here is in a default group (with empty name “).

- - -connector
- -int32 - - - -(Optional) -

Replicas of connector component. Replicas specified here is in a default group (with empty name “).

- -

RisingWaveHuaweiCloudOBSCredentials @@ -4210,20 +4158,6 @@ spec.components will be ignored. Standalone mode can be turned on/off dynamicall -enableEmbeddedConnector
- -bool - - - -(Optional) -

Flag to control whether to use the embedded connector (recommended). If embedded connector is enabled, -the dedicated connectors won’t be deployed and used anymore and the corresponding fields will be ignored. -The dedicated connector will be deprecated soon because of its error proneness.

- - - - image
string diff --git a/docs/manifests/stable/persistent/minio/risingwave.yaml b/docs/manifests/stable/persistent/minio/risingwave.yaml index d5522195..8cf77d02 100644 --- a/docs/manifests/stable/persistent/minio/risingwave.yaml +++ b/docs/manifests/stable/persistent/minio/risingwave.yaml @@ -269,18 +269,4 @@ spec: memory: 32Gi # Memory limit will be set to `RW_TOTAL_MEMORY_BYTES` requests: cpu: 8 - memory: 32Gi - # Please comment out the following if you do not need connector node - connector: - nodeGroups: - - replicas: 1 - name: '' - template: - spec: - resources: - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 4 - memory: 8Gi + memory: 32Gi \ No newline at end of file diff --git a/docs/manifests/stable/persistent/s3/risingwave.yaml b/docs/manifests/stable/persistent/s3/risingwave.yaml index fb6089fe..942a3b7d 100644 --- a/docs/manifests/stable/persistent/s3/risingwave.yaml +++ b/docs/manifests/stable/persistent/s3/risingwave.yaml @@ -186,18 +186,4 @@ spec: memory: 32Gi # Memory limit will be set to `RW_TOTAL_MEMORY_BYTES` requests: cpu: 8 - memory: 32Gi - # Please comment out the following if you do not need connector node - connector: - nodeGroups: - - replicas: 1 - name: '' - template: - spec: - resources: - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 4 - memory: 8Gi + memory: 32Gi \ No newline at end of file diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go index fc4cb4d6..99b335ca 100644 --- a/pkg/consts/consts.go +++ b/pkg/consts/consts.go @@ -65,7 +65,6 @@ const ( ComponentFrontend = "frontend" ComponentCompute = "compute" ComponentCompactor = "compactor" - ComponentConnector = "connector" ComponentStandalone = "standalone" ComponentConfig = "config" ) @@ -130,6 +129,4 @@ const ( FrontendMetricsPort int32 = 8080 CompactorServicePort int32 = 6660 CompactorMetricsPort int32 = 1260 - ConnectorServicePort int32 = 50051 - ConnectorMetricsPort int32 = 50052 ) diff --git a/pkg/controller/risingwave_controller.go b/pkg/controller/risingwave_controller.go index 38f7b4bb..c9e4c8d9 100644 --- a/pkg/controller/risingwave_controller.go +++ b/pkg/controller/risingwave_controller.go @@ -77,11 +77,6 @@ const ( RisingWaveAction_SyncCompactorCloneSets = manager.RisingWaveAction_SyncCompactorCloneSets RisingWaveAction_WaitBeforeCompactorDeploymentsReady = manager.RisingWaveAction_WaitBeforeCompactorDeploymentsReady RisingWaveAction_WaitBeforeCompactorCloneSetsReady = manager.RisingWaveAction_WaitBeforeCompactorCloneSetsReady - RisingWaveAction_SyncConnectorService = manager.RisingWaveAction_SyncConnectorService - RisingWaveAction_SyncConnectorDeployments = manager.RisingWaveAction_SyncConnectorDeployments - RisingWaveAction_SyncConnectorCloneSets = manager.RisingWaveAction_SyncConnectorCloneSets - RisingWaveAction_WaitBeforeConnectorDeploymentsReady = manager.RisingWaveAction_WaitBeforeConnectorDeploymentsReady - RisingWaveAction_WaitBeforeConnectorCloneSetsReady = manager.RisingWaveAction_WaitBeforeConnectorCloneSetsReady RisingWaveAction_SyncConfigConfigMap = manager.RisingWaveAction_SyncConfigConfigMap RisingWaveAction_CollectRunningStatisticsAndSyncStatus = manager.RisingWaveAction_CollectRunningStatisticsAndSyncStatus RisingWaveAction_SyncServiceMonitor = manager.RisingWaveAction_SyncServiceMonitor @@ -313,27 +308,17 @@ func (c *RisingWaveController) reactiveWorkflow(risingwaveManger *object.RisingW mgr.SyncFrontendDeployments(), ctrlkit.If(c.openKruiseAvailable, mgr.SyncFrontendCloneSets()), ), - // Sync only when embedded connector is disabled. - ctrlkit.If(!risingwaveManger.IsEmbeddedConnectorEnabled(), - ctrlkit.ParallelJoin( - mgr.SyncConnectorService(), - mgr.SyncConnectorDeployments(), - ctrlkit.If(c.openKruiseAvailable, mgr.SyncConnectorCloneSets()), - ), - ), ) otherOpenKruiseComponentsReadyBarrier := ctrlkit.ParallelJoin( mgr.WaitBeforeFrontendCloneSetsReady(), mgr.WaitBeforeComputeAdvancedStatefulSetsReady(), mgr.WaitBeforeCompactorCloneSetsReady(), - ctrlkit.If(!risingwaveManger.IsEmbeddedConnectorEnabled(), mgr.WaitBeforeConnectorCloneSetsReady()), ) otherComponentsReadyBarrier := ctrlkit.Join( mgr.WaitBeforeFrontendDeploymentsReady(), mgr.WaitBeforeComputeStatefulSetsReady(), mgr.WaitBeforeCompactorDeploymentsReady(), - ctrlkit.If(!risingwaveManger.IsEmbeddedConnectorEnabled(), mgr.WaitBeforeConnectorDeploymentsReady()), ctrlkit.If(c.openKruiseAvailable, otherOpenKruiseComponentsReadyBarrier), ) diff --git a/pkg/controller/risingwave_controller_test.go b/pkg/controller/risingwave_controller_test.go index 9a727448..766e7ae5 100644 --- a/pkg/controller/risingwave_controller_test.go +++ b/pkg/controller/risingwave_controller_test.go @@ -236,25 +236,20 @@ func Test_RisingWaveController_Initializing(t *testing.T) { RisingWaveAction_SyncMetaService: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncComputeService: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncCompactorService: newResultErr(ctrlkit.Continue()), - RisingWaveAction_SyncConnectorService: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncFrontendService: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncConfigConfigMap: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncMetaStatefulSets: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncFrontendDeployments: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncCompactorDeployments: newResultErr(ctrlkit.Continue()), - RisingWaveAction_SyncConnectorDeployments: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncComputeStatefulSets: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncMetaAdvancedStatefulSets: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncFrontendCloneSets: newResultErr(ctrlkit.Continue()), RisingWaveAction_SyncCompactorCloneSets: newResultErr(ctrlkit.Continue()), - RisingWaveAction_SyncConnectorCloneSets: newResultErr(ctrlkit.Continue()), RisingWaveAction_WaitBeforeMetaStatefulSetsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeFrontendDeploymentsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeComputeStatefulSetsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeCompactorDeploymentsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeCompactorCloneSetsReady: newResultErr(ctrlkit.Exit()), - RisingWaveAction_WaitBeforeConnectorDeploymentsReady: newResultErr(ctrlkit.Exit()), - RisingWaveAction_WaitBeforeConnectorCloneSetsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeMetaAdvancedStatefulSetsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeFrontendCloneSetsReady: newResultErr(ctrlkit.Exit()), RisingWaveAction_WaitBeforeComputeAdvancedStatefulSetsReady: newResultErr(ctrlkit.Exit()), diff --git a/pkg/factory/envs/risingwave.go b/pkg/factory/envs/risingwave.go index 71cc8672..1a9b4765 100644 --- a/pkg/factory/envs/risingwave.go +++ b/pkg/factory/envs/risingwave.go @@ -22,26 +22,24 @@ const ( RustLog = "RUST_LOG" JavaOpts = "JAVA_OPTS" - RWListenAddr = "RW_LISTEN_ADDR" - RWAdvertiseAddr = "RW_ADVERTISE_ADDR" - RWDashboardHost = "RW_DASHBOARD_HOST" - RWPrometheusHost = "RW_PROMETHEUS_HOST" - RWEtcdEndpoints = "RW_ETCD_ENDPOINTS" - RWEtcdAuth = "RW_ETCD_AUTH" - RWEtcdUsername = "RW_ETCD_USERNAME" - RWEtcdPassword = "RW_ETCD_PASSWORD" - RWConfigPath = "RW_CONFIG_PATH" - RWStateStore = "RW_STATE_STORE" - RWDataDirectory = "RW_DATA_DIRECTORY" - RWWorkerThreads = "RW_WORKER_THREADS" - RWConnectorRPCEndPoint = "RW_CONNECTOR_RPC_ENDPOINT" - RWBackend = "RW_BACKEND" - RWMetaAddr = "RW_META_ADDR" - RWMetaAddrLegacy = "RW_META_ADDRESS" // Will deprecate soon. - RWPrometheusListenerAddr = "RW_PROMETHEUS_LISTENER_ADDR" - RWParallelism = "RW_PARALLELISM" - RWTotalMemoryBytes = "RW_TOTAL_MEMORY_BYTES" - RWConnectorNodePrometheusPort = "RW_CONNECTOR_NODE_PROMETHEUS_PORT" + RWListenAddr = "RW_LISTEN_ADDR" + RWAdvertiseAddr = "RW_ADVERTISE_ADDR" + RWDashboardHost = "RW_DASHBOARD_HOST" + RWPrometheusHost = "RW_PROMETHEUS_HOST" + RWEtcdEndpoints = "RW_ETCD_ENDPOINTS" + RWEtcdAuth = "RW_ETCD_AUTH" + RWEtcdUsername = "RW_ETCD_USERNAME" + RWEtcdPassword = "RW_ETCD_PASSWORD" + RWConfigPath = "RW_CONFIG_PATH" + RWStateStore = "RW_STATE_STORE" + RWDataDirectory = "RW_DATA_DIRECTORY" + RWWorkerThreads = "RW_WORKER_THREADS" + RWBackend = "RW_BACKEND" + RWMetaAddr = "RW_META_ADDR" + RWMetaAddrLegacy = "RW_META_ADDRESS" // Will deprecate soon. + RWPrometheusListenerAddr = "RW_PROMETHEUS_LISTENER_ADDR" + RWParallelism = "RW_PARALLELISM" + RWTotalMemoryBytes = "RW_TOTAL_MEMORY_BYTES" ) // MinIO. diff --git a/pkg/factory/risingwave_object_factory.go b/pkg/factory/risingwave_object_factory.go index 3042ef60..0c341079 100644 --- a/pkg/factory/risingwave_object_factory.go +++ b/pkg/factory/risingwave_object_factory.go @@ -182,8 +182,6 @@ func (f *RisingWaveObjectFactory) componentName(component, group string) string return f.risingwave.Name + "-frontend" + groupSuffix(group) case consts.ComponentCompactor: return f.risingwave.Name + "-compactor" + groupSuffix(group) - case consts.ComponentConnector: - return f.risingwave.Name + "-connector" + groupSuffix(group) case consts.ComponentStandalone: return f.risingwave.Name + "-standalone" case consts.ComponentConfig: @@ -407,13 +405,6 @@ func (f *RisingWaveObjectFactory) envsForMetaArgs() []corev1.EnvVar { }, } - if !ptr.Deref(f.risingwave.Spec.EnableEmbeddedConnector, false) { - envVars = append(envVars, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: fmt.Sprintf("%s:%d", f.componentAddr(consts.ComponentConnector, ""), consts.ConnectorServicePort), - }) - } - envVars = append(envVars, f.coreEnvsForMeta()...) return envVars @@ -476,13 +467,6 @@ func (f *RisingWaveObjectFactory) envsForComputeArgs(cpuLimit int64, memLimit in }, } - if !ptr.Deref(f.risingwave.Spec.EnableEmbeddedConnector, false) { - envVars = append(envVars, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: fmt.Sprintf("%s:%d", f.componentAddr(consts.ComponentConnector, ""), consts.ConnectorServicePort), - }) - } - if cpuLimit != 0 { envVars = append(envVars, corev1.EnvVar{ Name: envs.RWParallelism, @@ -1360,9 +1344,6 @@ func (f *RisingWaveObjectFactory) newPodTemplateSpecFromNodeGroupByComponent(com case consts.ComponentCompute: containerModifier = f.setupComputeContainer componentPtr = &f.risingwave.Spec.Components.Compute - case consts.ComponentConnector: - containerModifier = f.setupConnectorContainer - componentPtr = &f.risingwave.Spec.Components.Connector case consts.ComponentStandalone: containerModifier = f.setupStandaloneContainer componentPtr = f.convertStandaloneSpecIntoComponent() @@ -1507,62 +1488,6 @@ func (f *RisingWaveObjectFactory) setupCompactorContainer(container *corev1.Cont }) } -func (f *RisingWaveObjectFactory) portsForConnectorContainer() []corev1.ContainerPort { - return []corev1.ContainerPort{ - { - Name: consts.PortService, - Protocol: corev1.ProtocolTCP, - ContainerPort: consts.ConnectorServicePort, - }, - { - Name: consts.PortMetrics, - Protocol: corev1.ProtocolTCP, - ContainerPort: consts.ConnectorMetricsPort, - }, - } -} - -func (f *RisingWaveObjectFactory) argsForConnector() []string { - return []string{ - "-p", fmt.Sprintf("%d", consts.ConnectorServicePort), - } -} - -func (f *RisingWaveObjectFactory) setupConnectorContainer(container *corev1.Container) { - container.Name = "connector" - container.Args = f.argsForConnector() - container.Ports = f.portsForConnectorContainer() - container.Command = []string{"/risingwave/bin/connector-node/start-service.sh"} - - memLimits := container.Resources.Limits.Memory().Value() - if memLimits != 0 { - - var mergedVars = []corev1.EnvVar{ - { - Name: envs.JavaOpts, - Value: fmt.Sprintf("-Xmx%d", memLimits), - }, - { - Name: envs.RWConnectorNodePrometheusPort, - Value: fmt.Sprintf("%d", consts.ConnectorMetricsPort), - }, - } - - // ensure the container env not override by generated env. - for _, env := range container.Env { - mergedVars = mergeListWhenKeyEquals(mergedVars, env, func(a, b *corev1.EnvVar) bool { - return a.Name == b.Name - }) - } - - container.Env = mergedVars - } - - container.VolumeMounts = mergeListWhenKeyEquals(container.VolumeMounts, f.volumeMountForConfig(), func(a, b *corev1.VolumeMount) bool { - return a.MountPath == b.MountPath - }) -} - func (f *RisingWaveObjectFactory) argsForStandaloneMetaStore() []string { args := []string{ "--backend $(RW_BACKEND)", @@ -1851,26 +1776,6 @@ func (f *RisingWaveObjectFactory) NewCompactorService() *corev1.Service { return mustSetControllerReference(f.risingwave, compactorSvc, f.scheme) } -// NewConnectorService creates a new Service for the connector. -func (f *RisingWaveObjectFactory) NewConnectorService() *corev1.Service { - connectorSvc := f.newService(consts.ComponentConnector, corev1.ServiceTypeClusterIP, []corev1.ServicePort{ - { - Name: consts.PortService, - Protocol: corev1.ProtocolTCP, - Port: consts.ConnectorServicePort, - TargetPort: intstr.FromString(consts.PortService), - }, - { - Name: consts.PortMetrics, - Protocol: corev1.ProtocolTCP, - Port: consts.ConnectorMetricsPort, - TargetPort: intstr.FromString(consts.PortMetrics), - }, - }) - - return mustSetControllerReference(f.risingwave, connectorSvc, f.scheme) -} - // NewMetaStatefulSet creates a new StatefulSet for the meta component and specified group. func (f *RisingWaveObjectFactory) NewMetaStatefulSet(group string) *appsv1.StatefulSet { return newWorkloadObjectForComponentNodeGroup(f, consts.ComponentMeta, group, f.newStatefulSet) @@ -1911,16 +1816,6 @@ func (f *RisingWaveObjectFactory) NewCompactorCloneSet(group string) *kruiseapps return newWorkloadObjectForComponentNodeGroup(f, consts.ComponentCompactor, group, f.newCloneSet) } -// NewConnectorDeployment creates a new Deployment for the connector component and specified group. -func (f *RisingWaveObjectFactory) NewConnectorDeployment(group string) *appsv1.Deployment { - return newWorkloadObjectForComponentNodeGroup(f, consts.ComponentConnector, group, f.newDeployment) -} - -// NewConnectorCloneSet creates a new CloneSet for the connector component and specified group. -func (f *RisingWaveObjectFactory) NewConnectorCloneSet(group string) *kruiseappsv1alpha1.CloneSet { - return newWorkloadObjectForComponentNodeGroup(f, consts.ComponentConnector, group, f.newCloneSet) -} - func buildUpgradeStrategyForStatefulSet(strategy risingwavev1alpha1.RisingWaveNodeGroupUpgradeStrategy) appsv1.StatefulSetUpdateStrategy { switch strategy.Type { case risingwavev1alpha1.RisingWaveUpgradeStrategyTypeRollingUpdate: diff --git a/pkg/factory/risingwave_object_factory_predicate_test.go b/pkg/factory/risingwave_object_factory_predicate_test.go index d85c26ee..3110c1f3 100644 --- a/pkg/factory/risingwave_object_factory_predicate_test.go +++ b/pkg/factory/risingwave_object_factory_predicate_test.go @@ -27,7 +27,6 @@ import ( "k8s.io/apimachinery/pkg/api/equality" "github.com/risingwavelabs/risingwave-operator/pkg/consts" - "github.com/risingwavelabs/risingwave-operator/pkg/factory/envs" ) type predicate[T kubeObject, k testCaseType] struct { @@ -300,16 +299,6 @@ func metaStatefulSetPredicates() []predicate[*appsv1.StatefulSet, metaStatefulSe return container.LivenessProbe != nil && container.ReadinessProbe != nil }, }, - { - Name: "envs-contains-connector-rpc-endpoint", - Fn: func(obj *appsv1.StatefulSet, tc metaStatefulSetTestCase) bool { - container := &obj.Spec.Template.Spec.Containers[0] - return container.Env != nil && lo.Contains(container.Env, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: tc.risingwave.Name + "-connector:50051", - }) - }, - }, } } @@ -455,18 +444,7 @@ func getSTSPredicates() []predicate[*appsv1.StatefulSet, computeStatefulSetTestC // This function returns the predicates used for to compare stateful objects for the compute component. // It inherits from the base statefulset predicates and further additional predicates can be added for compute. func computeStatefulSetPredicates() []predicate[*appsv1.StatefulSet, computeStatefulSetTestCase] { - return append(getSTSPredicates(), []predicate[*appsv1.StatefulSet, computeStatefulSetTestCase]{ - { - Name: "envs-contains-connector-rpc-endpoint", - Fn: func(obj *appsv1.StatefulSet, tc computeStatefulSetTestCase) bool { - container := &obj.Spec.Template.Spec.Containers[0] - return container.Env != nil && lo.Contains(container.Env, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: tc.risingwave.Name + "-connector:50051", - }) - }, - }, - }...) + return getSTSPredicates() } // This function returns the base predicates used for the CloneSet objects. @@ -743,16 +721,6 @@ func getAdvancedSTSPredicates() []predicate[*kruiseappsv1beta1.StatefulSet, comp return container.LivenessProbe != nil && container.ReadinessProbe != nil }, }, - { - Name: "envs-contains-connector-rpc-endpoint", - Fn: func(obj *kruiseappsv1beta1.StatefulSet, tc computeAdvancedSTSTestCase) bool { - container := &obj.Spec.Template.Spec.Containers[0] - return container.Env != nil && lo.Contains(container.Env, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: tc.risingwave.Name + "-connector:50051", - }) - }, - }, } } @@ -886,16 +854,6 @@ func metaAdvancedSTSPredicates() []predicate[*kruiseappsv1beta1.StatefulSet, met return container.LivenessProbe != nil && container.ReadinessProbe != nil }, }, - { - Name: "envs-contains-connector-rpc-endpoint", - Fn: func(obj *kruiseappsv1beta1.StatefulSet, tc metaAdvancedSTSTestCase) bool { - container := &obj.Spec.Template.Spec.Containers[0] - return container.Env != nil && lo.Contains(container.Env, corev1.EnvVar{ - Name: envs.RWConnectorRPCEndPoint, - Value: tc.risingwave.Name + "-connector:50051", - }) - }, - }, } } diff --git a/pkg/factory/risingwave_object_factory_test.go b/pkg/factory/risingwave_object_factory_test.go index d45b96ca..5e3089b0 100644 --- a/pkg/factory/risingwave_object_factory_test.go +++ b/pkg/factory/risingwave_object_factory_test.go @@ -50,8 +50,6 @@ func Test_RisingWaveObjectFactory_Services(t *testing.T) { svc = factory.NewComputeService() case consts.ComponentCompactor: svc = factory.NewCompactorService() - case consts.ComponentConnector: - svc = factory.NewConnectorService() case consts.ComponentStandalone: svc = factory.NewStandaloneService() default: @@ -84,8 +82,6 @@ func Test_RisingWaveObjectFactory_ServicesMeta(t *testing.T) { svc = factory.NewComputeService() case consts.ComponentCompactor: svc = factory.NewCompactorService() - case consts.ComponentConnector: - svc = factory.NewConnectorService() case consts.ComponentStandalone: svc = factory.NewStandaloneService() default: diff --git a/pkg/factory/risingwave_object_factory_testcases_test.go b/pkg/factory/risingwave_object_factory_testcases_test.go index 91674a9c..881f6bf7 100644 --- a/pkg/factory/risingwave_object_factory_testcases_test.go +++ b/pkg/factory/risingwave_object_factory_testcases_test.go @@ -2761,20 +2761,6 @@ func servicesTestCases() map[string]servicesTestCase { globalServiceType: corev1.ServiceTypeNodePort, expectServiceType: corev1.ServiceTypeClusterIP, }, - "connector-ports": { - component: consts.ComponentConnector, - globalServiceType: corev1.ServiceTypeClusterIP, - expectServiceType: corev1.ServiceTypeClusterIP, - ports: map[string]int32{ - consts.PortService: consts.ConnectorServicePort, - consts.PortMetrics: consts.ConnectorMetricsPort, - }, - }, - "connector-ports-node-port": { - component: consts.ComponentConnector, - globalServiceType: corev1.ServiceTypeNodePort, - expectServiceType: corev1.ServiceTypeClusterIP, - }, "standalone-ports": { component: consts.ComponentStandalone, enableStandaloneMode: true, @@ -2880,24 +2866,6 @@ func serviceMetadataTestCases() map[string]serviceMetadataTestCase { }, }, }, - "random-connector-labels": { - component: consts.ComponentConnector, - globalServiceMeta: risingwavev1alpha1.PartialObjectMeta{ - Labels: map[string]string{ - "key1": "value1", - "key2": "value2", - }, - }, - }, - "random-connector-annotations": { - component: consts.ComponentConnector, - globalServiceMeta: risingwavev1alpha1.PartialObjectMeta{ - Annotations: map[string]string{ - "key1": "value1", - "key2": "value2", - }, - }, - }, } } diff --git a/pkg/manager/risingwave_controller_manager.cm b/pkg/manager/risingwave_controller_manager.cm index 2a18093f..a28a0e4d 100644 --- a/pkg/manager/risingwave_controller_manager.cm +++ b/pkg/manager/risingwave_controller_manager.cm @@ -47,12 +47,6 @@ decl RisingWaveControllerManager for RisingWave { owned } - // Service for connector nodes. - connectorService Service { - name=${target.Name}-connector - owned - } - // Service for standalone node. standaloneService Service { name=${target.Name}-standalone @@ -93,13 +87,6 @@ decl RisingWaveControllerManager for RisingWave { owned } - // Deployments for connector nodes. - connectorDeployments []Deployment { - labels/risingwave/name=${target.Name} - labels/risingwave/component=connector - owned - } - metaAdvancedStatefulSets []AdvancedStatefulSet { labels/risingwave/name=${target.Name} labels/risingwave/component=meta @@ -127,13 +114,6 @@ decl RisingWaveControllerManager for RisingWave { owned } - // Deployments for connector nodes. - connectorCloneSets []CloneSet { - labels/risingwave/name=${target.Name} - labels/risingwave/component=connector - owned - } - // StatefulSet for standalone node. standaloneStatefulSet StatefulSet { name=${target.Name}-standalone @@ -215,21 +195,6 @@ decl RisingWaveControllerManager for RisingWave { // WaitBeforeCompactorDeploymentsReady waits (aborts the workflow) before the compactor CloneSets are ready. WaitBeforeCompactorCloneSetsReady(compactorCloneSets) - // SyncConnectorService creates or updates the service for connector nodes. - SyncConnectorService(connectorService) - - // SyncConnectorDeployments creates or updates the Deployments for connector nodes. - SyncConnectorDeployments(connectorDeployments) - - // SyncConnectorCloneSets creates or updates the Deployments for connector nodes. - SyncConnectorCloneSets(connectorCloneSets) - - // WaitBeforeConnectorDeploymentsReady waits (aborts the workflow) before the connector Deployments are ready. - WaitBeforeConnectorDeploymentsReady(connectorDeployments) - - // WaitBeforeConnectorDeploymentsReady waits (aborts the workflow) before the connector CloneSets are ready. - WaitBeforeConnectorCloneSetsReady(connectorCloneSets) - // SyncConfigConfigMap creates or updates the configmap for RisingWave configs. SyncConfigConfigMap(configConfigMap) @@ -273,8 +238,8 @@ decl RisingWaveControllerManager for RisingWave { action { // CollectRunningStatisticsAndSyncStatus collects running statistics and sync them into the status. - CollectRunningStatisticsAndSyncStatus(frontendService, metaService, computeService, compactorService, connectorService, metaStatefulSets, frontendDeployments, computeStatefulSets, compactorDeployments, connectorDeployments, configConfigMap) - CollectOpenKruiseRunningStatisticsAndSyncStatus(frontendService, metaService, computeService, compactorService, connectorService, metaAdvancedStatefulSets, frontendCloneSets, computeAdvancedStatefulSets, compactorCloneSets, connectorCloneSets, configConfigMap) + CollectRunningStatisticsAndSyncStatus(frontendService, metaService, computeService, compactorService, metaStatefulSets, frontendDeployments, computeStatefulSets, compactorDeployments, configConfigMap) + CollectOpenKruiseRunningStatisticsAndSyncStatus(frontendService, metaService, computeService, compactorService, metaAdvancedStatefulSets, frontendCloneSets, computeAdvancedStatefulSets, compactorCloneSets, configConfigMap) // CollectRunningStatisticsAndSyncStatusForStandalone collects running statistics and sync them into the status. CollectRunningStatisticsAndSyncStatusForStandalone(standaloneService, standaloneStatefulSet, configConfigMap) diff --git a/pkg/manager/risingwave_controller_manager_generated.go b/pkg/manager/risingwave_controller_manager_generated.go index 255ae3f4..9e9e0582 100644 --- a/pkg/manager/risingwave_controller_manager_generated.go +++ b/pkg/manager/risingwave_controller_manager_generated.go @@ -222,83 +222,6 @@ func (s *RisingWaveControllerManagerState) GetConfigConfigMap(ctx context.Contex return &configConfigMap, nil } -// GetConnectorCloneSets lists connectorCloneSets with the following selectors: -// - labels/risingwave/component=connector -// - labels/risingwave/name=${target.Name} -// - owned -func (s *RisingWaveControllerManagerState) GetConnectorCloneSets(ctx context.Context) ([]appsv1alpha1.CloneSet, error) { - var connectorCloneSetsList appsv1alpha1.CloneSetList - - matchingLabels := map[string]string{ - "risingwave/component": "connector", - "risingwave/name": s.target.Name, - } - - err := s.List(ctx, &connectorCloneSetsList, client.InNamespace(s.target.Namespace), - client.MatchingLabels(matchingLabels)) - if err != nil { - return nil, fmt.Errorf("unable to get state 'connectorCloneSets': %w", err) - } - - var validated []appsv1alpha1.CloneSet - for _, obj := range connectorCloneSetsList.Items { - if ctrlkit.ValidateOwnership(&obj, s.target) { - validated = append(validated, obj) - } - } - - return validated, nil -} - -// GetConnectorDeployments lists connectorDeployments with the following selectors: -// - labels/risingwave/component=connector -// - labels/risingwave/name=${target.Name} -// - owned -func (s *RisingWaveControllerManagerState) GetConnectorDeployments(ctx context.Context) ([]appsv1.Deployment, error) { - var connectorDeploymentsList appsv1.DeploymentList - - matchingLabels := map[string]string{ - "risingwave/component": "connector", - "risingwave/name": s.target.Name, - } - - err := s.List(ctx, &connectorDeploymentsList, client.InNamespace(s.target.Namespace), - client.MatchingLabels(matchingLabels)) - if err != nil { - return nil, fmt.Errorf("unable to get state 'connectorDeployments': %w", err) - } - - var validated []appsv1.Deployment - for _, obj := range connectorDeploymentsList.Items { - if ctrlkit.ValidateOwnership(&obj, s.target) { - validated = append(validated, obj) - } - } - - return validated, nil -} - -// GetConnectorService gets connectorService with name equals to ${target.Name}-connector. -func (s *RisingWaveControllerManagerState) GetConnectorService(ctx context.Context) (*corev1.Service, error) { - var connectorService corev1.Service - - err := s.Get(ctx, types.NamespacedName{ - Namespace: s.target.Namespace, - Name: s.target.Name + "-connector", - }, &connectorService) - if err != nil { - if apierrors.IsNotFound(err) { - return nil, nil - } - return nil, fmt.Errorf("unable to get state 'connectorService': %w", err) - } - if !ctrlkit.ValidateOwnership(&connectorService, s.target) { - return nil, fmt.Errorf("unable to get state 'connectorService': object not owned by target") - } - - return &connectorService, nil -} - // GetFrontendCloneSets lists frontendCloneSets with the following selectors: // - labels/risingwave/component=frontend // - labels/risingwave/name=${target.Name} @@ -610,21 +533,6 @@ type RisingWaveControllerManagerImpl interface { // WaitBeforeCompactorDeploymentsReady waits (aborts the workflow) before the compactor CloneSets are ready. WaitBeforeCompactorCloneSetsReady(ctx context.Context, logger logr.Logger, compactorCloneSets []appsv1alpha1.CloneSet) (ctrl.Result, error) - // SyncConnectorService creates or updates the service for connector nodes. - SyncConnectorService(ctx context.Context, logger logr.Logger, connectorService *corev1.Service) (ctrl.Result, error) - - // SyncConnectorDeployments creates or updates the Deployments for connector nodes. - SyncConnectorDeployments(ctx context.Context, logger logr.Logger, connectorDeployments []appsv1.Deployment) (ctrl.Result, error) - - // SyncConnectorCloneSets creates or updates the Deployments for connector nodes. - SyncConnectorCloneSets(ctx context.Context, logger logr.Logger, connectorCloneSets []appsv1alpha1.CloneSet) (ctrl.Result, error) - - // WaitBeforeConnectorDeploymentsReady waits (aborts the workflow) before the connector Deployments are ready. - WaitBeforeConnectorDeploymentsReady(ctx context.Context, logger logr.Logger, connectorDeployments []appsv1.Deployment) (ctrl.Result, error) - - // WaitBeforeConnectorDeploymentsReady waits (aborts the workflow) before the connector CloneSets are ready. - WaitBeforeConnectorCloneSetsReady(ctx context.Context, logger logr.Logger, connectorCloneSets []appsv1alpha1.CloneSet) (ctrl.Result, error) - // SyncConfigConfigMap creates or updates the configmap for RisingWave configs. SyncConfigConfigMap(ctx context.Context, logger logr.Logger, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) @@ -647,9 +555,9 @@ type RisingWaveControllerManagerImpl interface { SyncServiceMonitor(ctx context.Context, logger logr.Logger, serviceMonitor *monitoringv1.ServiceMonitor) (ctrl.Result, error) // CollectRunningStatisticsAndSyncStatus collects running statistics and sync them into the status. - CollectRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, connectorService *corev1.Service, metaStatefulSets []appsv1.StatefulSet, frontendDeployments []appsv1.Deployment, computeStatefulSets []appsv1.StatefulSet, compactorDeployments []appsv1.Deployment, connectorDeployments []appsv1.Deployment, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) + CollectRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, metaStatefulSets []appsv1.StatefulSet, frontendDeployments []appsv1.Deployment, computeStatefulSets []appsv1.StatefulSet, compactorDeployments []appsv1.Deployment, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) - CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, connectorService *corev1.Service, metaAdvancedStatefulSets []appsv1beta1.StatefulSet, frontendCloneSets []appsv1alpha1.CloneSet, computeAdvancedStatefulSets []appsv1beta1.StatefulSet, compactorCloneSets []appsv1alpha1.CloneSet, connectorCloneSets []appsv1alpha1.CloneSet, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) + CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, metaAdvancedStatefulSets []appsv1beta1.StatefulSet, frontendCloneSets []appsv1alpha1.CloneSet, computeAdvancedStatefulSets []appsv1beta1.StatefulSet, compactorCloneSets []appsv1alpha1.CloneSet, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) // CollectRunningStatisticsAndSyncStatusForStandalone collects running statistics and sync them into the status. CollectRunningStatisticsAndSyncStatusForStandalone(ctx context.Context, logger logr.Logger, standaloneService *corev1.Service, standaloneStatefulSet *appsv1.StatefulSet, configConfigMap *corev1.ConfigMap) (ctrl.Result, error) @@ -680,11 +588,6 @@ const ( RisingWaveAction_SyncCompactorCloneSets = "SyncCompactorCloneSets" RisingWaveAction_WaitBeforeCompactorDeploymentsReady = "WaitBeforeCompactorDeploymentsReady" RisingWaveAction_WaitBeforeCompactorCloneSetsReady = "WaitBeforeCompactorCloneSetsReady" - RisingWaveAction_SyncConnectorService = "SyncConnectorService" - RisingWaveAction_SyncConnectorDeployments = "SyncConnectorDeployments" - RisingWaveAction_SyncConnectorCloneSets = "SyncConnectorCloneSets" - RisingWaveAction_WaitBeforeConnectorDeploymentsReady = "WaitBeforeConnectorDeploymentsReady" - RisingWaveAction_WaitBeforeConnectorCloneSetsReady = "WaitBeforeConnectorCloneSetsReady" RisingWaveAction_SyncConfigConfigMap = "SyncConfigConfigMap" RisingWaveAction_SyncStandaloneService = "SyncStandaloneService" RisingWaveAction_SyncStandaloneStatefulSet = "SyncStandaloneStatefulSet" @@ -1207,121 +1110,6 @@ func (m *RisingWaveControllerManager) WaitBeforeCompactorCloneSetsReady() ctrlki }) } -// SyncConnectorService generates the action of "SyncConnectorService". -func (m *RisingWaveControllerManager) SyncConnectorService() ctrlkit.Action { - return ctrlkit.NewAction(RisingWaveAction_SyncConnectorService, func(ctx context.Context) (result ctrl.Result, err error) { - logger := m.logger.WithValues("action", RisingWaveAction_SyncConnectorService) - - // Get states. - connectorService, err := m.state.GetConnectorService(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - - // Invoke action. - if m.hook != nil { - defer func() { m.hook.PostRun(ctx, logger, RisingWaveAction_SyncConnectorService, result, err) }() - m.hook.PreRun(ctx, logger, RisingWaveAction_SyncConnectorService, map[string]runtime.Object{ - "connectorService": connectorService, - }) - } - - return m.impl.SyncConnectorService(ctx, logger, connectorService) - }) -} - -// SyncConnectorDeployments generates the action of "SyncConnectorDeployments". -func (m *RisingWaveControllerManager) SyncConnectorDeployments() ctrlkit.Action { - return ctrlkit.NewAction(RisingWaveAction_SyncConnectorDeployments, func(ctx context.Context) (result ctrl.Result, err error) { - logger := m.logger.WithValues("action", RisingWaveAction_SyncConnectorDeployments) - - // Get states. - connectorDeployments, err := m.state.GetConnectorDeployments(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - - // Invoke action. - if m.hook != nil { - defer func() { m.hook.PostRun(ctx, logger, RisingWaveAction_SyncConnectorDeployments, result, err) }() - m.hook.PreRun(ctx, logger, RisingWaveAction_SyncConnectorDeployments, map[string]runtime.Object{ - "connectorDeployments": &appsv1.DeploymentList{Items: connectorDeployments}, - }) - } - - return m.impl.SyncConnectorDeployments(ctx, logger, connectorDeployments) - }) -} - -// SyncConnectorCloneSets generates the action of "SyncConnectorCloneSets". -func (m *RisingWaveControllerManager) SyncConnectorCloneSets() ctrlkit.Action { - return ctrlkit.NewAction(RisingWaveAction_SyncConnectorCloneSets, func(ctx context.Context) (result ctrl.Result, err error) { - logger := m.logger.WithValues("action", RisingWaveAction_SyncConnectorCloneSets) - - // Get states. - connectorCloneSets, err := m.state.GetConnectorCloneSets(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - - // Invoke action. - if m.hook != nil { - defer func() { m.hook.PostRun(ctx, logger, RisingWaveAction_SyncConnectorCloneSets, result, err) }() - m.hook.PreRun(ctx, logger, RisingWaveAction_SyncConnectorCloneSets, map[string]runtime.Object{ - "connectorCloneSets": &appsv1alpha1.CloneSetList{Items: connectorCloneSets}, - }) - } - - return m.impl.SyncConnectorCloneSets(ctx, logger, connectorCloneSets) - }) -} - -// WaitBeforeConnectorDeploymentsReady generates the action of "WaitBeforeConnectorDeploymentsReady". -func (m *RisingWaveControllerManager) WaitBeforeConnectorDeploymentsReady() ctrlkit.Action { - return ctrlkit.NewAction(RisingWaveAction_WaitBeforeConnectorDeploymentsReady, func(ctx context.Context) (result ctrl.Result, err error) { - logger := m.logger.WithValues("action", RisingWaveAction_WaitBeforeConnectorDeploymentsReady) - - // Get states. - connectorDeployments, err := m.state.GetConnectorDeployments(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - - // Invoke action. - if m.hook != nil { - defer func() { m.hook.PostRun(ctx, logger, RisingWaveAction_WaitBeforeConnectorDeploymentsReady, result, err) }() - m.hook.PreRun(ctx, logger, RisingWaveAction_WaitBeforeConnectorDeploymentsReady, map[string]runtime.Object{ - "connectorDeployments": &appsv1.DeploymentList{Items: connectorDeployments}, - }) - } - - return m.impl.WaitBeforeConnectorDeploymentsReady(ctx, logger, connectorDeployments) - }) -} - -// WaitBeforeConnectorCloneSetsReady generates the action of "WaitBeforeConnectorCloneSetsReady". -func (m *RisingWaveControllerManager) WaitBeforeConnectorCloneSetsReady() ctrlkit.Action { - return ctrlkit.NewAction(RisingWaveAction_WaitBeforeConnectorCloneSetsReady, func(ctx context.Context) (result ctrl.Result, err error) { - logger := m.logger.WithValues("action", RisingWaveAction_WaitBeforeConnectorCloneSetsReady) - - // Get states. - connectorCloneSets, err := m.state.GetConnectorCloneSets(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - - // Invoke action. - if m.hook != nil { - defer func() { m.hook.PostRun(ctx, logger, RisingWaveAction_WaitBeforeConnectorCloneSetsReady, result, err) }() - m.hook.PreRun(ctx, logger, RisingWaveAction_WaitBeforeConnectorCloneSetsReady, map[string]runtime.Object{ - "connectorCloneSets": &appsv1alpha1.CloneSetList{Items: connectorCloneSets}, - }) - } - - return m.impl.WaitBeforeConnectorCloneSetsReady(ctx, logger, connectorCloneSets) - }) -} - // SyncConfigConfigMap generates the action of "SyncConfigConfigMap". func (m *RisingWaveControllerManager) SyncConfigConfigMap() ctrlkit.Action { return ctrlkit.NewAction(RisingWaveAction_SyncConfigConfigMap, func(ctx context.Context) (result ctrl.Result, err error) { @@ -1513,11 +1301,6 @@ func (m *RisingWaveControllerManager) CollectRunningStatisticsAndSyncStatus() ct return ctrlkit.RequeueIfError(err) } - connectorService, err := m.state.GetConnectorService(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - metaStatefulSets, err := m.state.GetMetaStatefulSets(ctx) if err != nil { return ctrlkit.RequeueIfError(err) @@ -1538,11 +1321,6 @@ func (m *RisingWaveControllerManager) CollectRunningStatisticsAndSyncStatus() ct return ctrlkit.RequeueIfError(err) } - connectorDeployments, err := m.state.GetConnectorDeployments(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - configConfigMap, err := m.state.GetConfigConfigMap(ctx) if err != nil { return ctrlkit.RequeueIfError(err) @@ -1558,17 +1336,15 @@ func (m *RisingWaveControllerManager) CollectRunningStatisticsAndSyncStatus() ct "metaService": metaService, "computeService": computeService, "compactorService": compactorService, - "connectorService": connectorService, "metaStatefulSets": &appsv1.StatefulSetList{Items: metaStatefulSets}, "frontendDeployments": &appsv1.DeploymentList{Items: frontendDeployments}, "computeStatefulSets": &appsv1.StatefulSetList{Items: computeStatefulSets}, "compactorDeployments": &appsv1.DeploymentList{Items: compactorDeployments}, - "connectorDeployments": &appsv1.DeploymentList{Items: connectorDeployments}, "configConfigMap": configConfigMap, }) } - return m.impl.CollectRunningStatisticsAndSyncStatus(ctx, logger, frontendService, metaService, computeService, compactorService, connectorService, metaStatefulSets, frontendDeployments, computeStatefulSets, compactorDeployments, connectorDeployments, configConfigMap) + return m.impl.CollectRunningStatisticsAndSyncStatus(ctx, logger, frontendService, metaService, computeService, compactorService, metaStatefulSets, frontendDeployments, computeStatefulSets, compactorDeployments, configConfigMap) }) } @@ -1598,11 +1374,6 @@ func (m *RisingWaveControllerManager) CollectOpenKruiseRunningStatisticsAndSyncS return ctrlkit.RequeueIfError(err) } - connectorService, err := m.state.GetConnectorService(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - metaAdvancedStatefulSets, err := m.state.GetMetaAdvancedStatefulSets(ctx) if err != nil { return ctrlkit.RequeueIfError(err) @@ -1623,11 +1394,6 @@ func (m *RisingWaveControllerManager) CollectOpenKruiseRunningStatisticsAndSyncS return ctrlkit.RequeueIfError(err) } - connectorCloneSets, err := m.state.GetConnectorCloneSets(ctx) - if err != nil { - return ctrlkit.RequeueIfError(err) - } - configConfigMap, err := m.state.GetConfigConfigMap(ctx) if err != nil { return ctrlkit.RequeueIfError(err) @@ -1643,17 +1409,15 @@ func (m *RisingWaveControllerManager) CollectOpenKruiseRunningStatisticsAndSyncS "metaService": metaService, "computeService": computeService, "compactorService": compactorService, - "connectorService": connectorService, "metaAdvancedStatefulSets": &appsv1beta1.StatefulSetList{Items: metaAdvancedStatefulSets}, "frontendCloneSets": &appsv1alpha1.CloneSetList{Items: frontendCloneSets}, "computeAdvancedStatefulSets": &appsv1beta1.StatefulSetList{Items: computeAdvancedStatefulSets}, "compactorCloneSets": &appsv1alpha1.CloneSetList{Items: compactorCloneSets}, - "connectorCloneSets": &appsv1alpha1.CloneSetList{Items: connectorCloneSets}, "configConfigMap": configConfigMap, }) } - return m.impl.CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx, logger, frontendService, metaService, computeService, compactorService, connectorService, metaAdvancedStatefulSets, frontendCloneSets, computeAdvancedStatefulSets, compactorCloneSets, connectorCloneSets, configConfigMap) + return m.impl.CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx, logger, frontendService, metaService, computeService, compactorService, metaAdvancedStatefulSets, frontendCloneSets, computeAdvancedStatefulSets, compactorCloneSets, configConfigMap) }) } @@ -1678,10 +1442,6 @@ func (m *RisingWaveControllerManager) CollectRunningStatisticsAndSyncStatusForSt return ctrlkit.RequeueIfError(err) } - if standaloneService == nil || standaloneStatefulSet == nil || configConfigMap == nil { - return ctrlkit.RequeueIfError(fmt.Errorf("standaloneService, standaloneStatefulSet, configConfigMap cannot be nil")) - } - // Invoke action. if m.hook != nil { defer func() { diff --git a/pkg/manager/risingwave_controller_manager_impl.go b/pkg/manager/risingwave_controller_manager_impl.go index e744f02c..ed3c5894 100644 --- a/pkg/manager/risingwave_controller_manager_impl.go +++ b/pkg/manager/risingwave_controller_manager_impl.go @@ -188,10 +188,9 @@ func buildStateStoreType(stateStore *risingwavev1alpha1.RisingWaveStateStoreBack } // CollectOpenKruiseRunningStatisticsAndSyncStatus implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, connectorService *corev1.Service, metaAdvancedStatefulSets []kruiseappsv1beta1.StatefulSet, frontendCloneSets []kruiseappsv1alpha1.CloneSet, computeStatefulSets []kruiseappsv1beta1.StatefulSet, compactorCloneSets []kruiseappsv1alpha1.CloneSet, connectorCloneSets []kruiseappsv1alpha1.CloneSet, configConfigMap *corev1.ConfigMap) (reconcile.Result, error) { +func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, computeService *corev1.Service, compactorService *corev1.Service, metaAdvancedStatefulSets []kruiseappsv1beta1.StatefulSet, frontendCloneSets []kruiseappsv1alpha1.CloneSet, computeStatefulSets []kruiseappsv1beta1.StatefulSet, compactorCloneSets []kruiseappsv1alpha1.CloneSet, configConfigMap *corev1.ConfigMap) (reconcile.Result, error) { risingwave := mgr.risingwaveManager.RisingWave() - embeddedConnectorEnabled := mgr.risingwaveManager.IsEmbeddedConnectorEnabled() componentsSpec := &risingwave.Spec.Components @@ -209,7 +208,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAn Meta: buildNodeGroupStatus(componentsSpec.Meta.NodeGroups, getNameAndReplicasFromNodeGroup, metaAdvancedStatefulSets, getGroupAndReadyReplicasForStatefulSet), Frontend: buildNodeGroupStatus(componentsSpec.Frontend.NodeGroups, getNameAndReplicasFromNodeGroup, frontendCloneSets, getGroupAndReadyReplicasForCloneSets), Compactor: buildNodeGroupStatus(componentsSpec.Compactor.NodeGroups, getNameAndReplicasFromNodeGroup, compactorCloneSets, getGroupAndReadyReplicasForCloneSets), - Connector: buildNodeGroupStatus(componentsSpec.Connector.NodeGroups, getNameAndReplicasFromNodeGroup, connectorCloneSets, getGroupAndReadyReplicasForCloneSets), Compute: buildNodeGroupStatus(componentsSpec.Compute.NodeGroups, getNameAndReplicasFromNodeGroup, computeStatefulSets, getGroupAndReadyReplicasForStatefulSet), Standalone: risingwavev1alpha1.ComponentReplicasStatus{Target: 0, Running: 0}, } @@ -254,10 +252,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAn cond: compactorService == nil, component: "Service(compactor)", }, - { - cond: !embeddedConnectorEnabled && connectorService == nil, - component: "Service(connector)", - }, { cond: configConfigMap == nil, component: "ConfigMap(config)", @@ -278,10 +272,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAn cond: lo.ContainsBy(componentReplicas.Compactor.Groups, isGroupMissing), component: "CloneSets(compactor)", }, - { - cond: !embeddedConnectorEnabled && lo.ContainsBy(componentReplicas.Connector.Groups, isGroupMissing), - component: "CloneSets(connector)", - }, } brokenOrMissingComponents := lo.FilterMap(recoverConditionAndReasons, func(t struct { @@ -309,12 +299,11 @@ func (mgr *risingWaveControllerManagerImpl) CollectOpenKruiseRunningStatisticsAn // CollectRunningStatisticsAndSyncStatus implements RisingWaveControllerManagerImpl. func (mgr *risingWaveControllerManagerImpl) CollectRunningStatisticsAndSyncStatus(ctx context.Context, logger logr.Logger, frontendService *corev1.Service, metaService *corev1.Service, - computeService *corev1.Service, compactorService *corev1.Service, connectorService *corev1.Service, + computeService *corev1.Service, compactorService *corev1.Service, metaStatefulSets []appsv1.StatefulSet, frontendDeployments []appsv1.Deployment, - computeStatefulSets []appsv1.StatefulSet, compactorDeployments []appsv1.Deployment, connectorDeployments []appsv1.Deployment, + computeStatefulSets []appsv1.StatefulSet, compactorDeployments []appsv1.Deployment, configConfigMap *corev1.ConfigMap) (reconcile.Result, error) { risingwave := mgr.risingwaveManager.RisingWave() - embeddedConnectorEnabled := mgr.risingwaveManager.IsEmbeddedConnectorEnabled() componentsSpec := &risingwave.Spec.Components @@ -331,7 +320,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectRunningStatisticsAndSyncStatu Meta: buildNodeGroupStatus(componentsSpec.Meta.NodeGroups, getNameAndReplicasFromNodeGroup, metaStatefulSets, getGroupAndReadyReplicasForStatefulSet), Frontend: buildNodeGroupStatus(componentsSpec.Frontend.NodeGroups, getNameAndReplicasFromNodeGroup, frontendDeployments, getGroupAndReadyReplicasForDeployment), Compactor: buildNodeGroupStatus(componentsSpec.Compactor.NodeGroups, getNameAndReplicasFromNodeGroup, compactorDeployments, getGroupAndReadyReplicasForDeployment), - Connector: buildNodeGroupStatus(componentsSpec.Connector.NodeGroups, getNameAndReplicasFromNodeGroup, connectorDeployments, getGroupAndReadyReplicasForDeployment), Compute: buildNodeGroupStatus(componentsSpec.Compute.NodeGroups, getNameAndReplicasFromNodeGroup, computeStatefulSets, getGroupAndReadyReplicasForStatefulSet), Standalone: risingwavev1alpha1.ComponentReplicasStatus{Target: 0, Running: 0}, } @@ -377,10 +365,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectRunningStatisticsAndSyncStatu cond: compactorService == nil, component: "Service(compactor)", }, - { - cond: !embeddedConnectorEnabled && connectorService == nil, - component: "Service(connector)", - }, { cond: configConfigMap == nil, component: "ConfigMap(config)", @@ -401,10 +385,6 @@ func (mgr *risingWaveControllerManagerImpl) CollectRunningStatisticsAndSyncStatu cond: lo.ContainsBy(componentReplicas.Compactor.Groups, isGroupMissing), component: "Deployments(compactor)", }, - { - cond: !embeddedConnectorEnabled && lo.ContainsBy(componentReplicas.Connector.Groups, isGroupMissing), - component: "Deployments(connector)", - }, } brokenOrMissingComponents := lo.FilterMap(recoverConditionAndReasons, func(t struct { @@ -538,26 +518,6 @@ func (mgr *risingWaveControllerManagerImpl) SyncCompactorCloneSets(ctx context.C ) } -// SyncConnectorDeployments implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) SyncConnectorDeployments(ctx context.Context, logger logr.Logger, connectorDeployments []appsv1.Deployment) (reconcile.Result, error) { - return syncComponentGroupWorkloads(mgr, ctx, logger, - consts.ComponentConnector, - connectorDeployments, mgr.objectFactory.NewConnectorDeployment, - // Only sync if Open Kruise is disabled. - !mgr.risingwaveManager.IsOpenKruiseEnabled() && !mgr.risingwaveManager.IsStandaloneModeEnabled(), - ) -} - -// SyncConnectorCloneSets implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) SyncConnectorCloneSets(ctx context.Context, logger logr.Logger, connectorCloneSets []kruiseappsv1alpha1.CloneSet) (reconcile.Result, error) { - return syncComponentGroupWorkloads(mgr, ctx, logger, - consts.ComponentConnector, - connectorCloneSets, mgr.objectFactory.NewConnectorCloneSet, - // Only sync if Open Kruise is enabled. - mgr.risingwaveManager.IsOpenKruiseEnabled() && !mgr.risingwaveManager.IsStandaloneModeEnabled(), - ) -} - // SyncComputeStatefulSets implements RisingWaveControllerManagerImpl. func (mgr *risingWaveControllerManagerImpl) SyncComputeStatefulSets(ctx context.Context, logger logr.Logger, computeStatefulSets []appsv1.StatefulSet) (reconcile.Result, error) { return syncComponentGroupWorkloads(mgr, ctx, logger, @@ -674,28 +634,6 @@ func (mgr *risingWaveControllerManagerImpl) WaitBeforeCompactorCloneSetsReady(ct ) } -// WaitBeforeConnectorDeploymentsReady implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) WaitBeforeConnectorDeploymentsReady(ctx context.Context, logger logr.Logger, connectorDeployments []appsv1.Deployment) (reconcile.Result, error) { - return waitComponentGroupWorkloadsReady(ctx, logger, consts.ComponentConnector, - lo.If(!mgr.risingwaveManager.IsOpenKruiseEnabled() && !mgr.risingwaveManager.IsStandaloneModeEnabled(), - mgr.buildExpectedGroupSet(consts.ComponentConnector)).Else(nil), - connectorDeployments, - func(t *appsv1.Deployment) bool { return mgr.isObjectSynced(t) && utils.IsDeploymentRolledOut(t) }, - ) -} - -// WaitBeforeConnectorCloneSetsReady implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) WaitBeforeConnectorCloneSetsReady(ctx context.Context, logger logr.Logger, connectorCloneSets []kruiseappsv1alpha1.CloneSet) (reconcile.Result, error) { - return waitComponentGroupWorkloadsReady(ctx, logger, consts.ComponentConnector, - lo.If(mgr.risingwaveManager.IsOpenKruiseEnabled() && !mgr.risingwaveManager.IsStandaloneModeEnabled(), - mgr.buildExpectedGroupSet(consts.ComponentConnector)).Else(nil), - connectorCloneSets, - func(t *kruiseappsv1alpha1.CloneSet) bool { - return mgr.isObjectSynced(t) && utils.IsCloneSetRolledOut(t) - }, - ) -} - // WaitBeforeComputeStatefulSetsReady implements RisingWaveControllerManagerImpl. func (mgr *risingWaveControllerManagerImpl) WaitBeforeComputeStatefulSetsReady(ctx context.Context, logger logr.Logger, computeStatefulSets []appsv1.StatefulSet) (reconcile.Result, error) { return waitComponentGroupWorkloadsReady(ctx, logger, consts.ComponentCompute, @@ -893,19 +831,6 @@ func (mgr *risingWaveControllerManagerImpl) SyncCompactorService(ctx context.Con return ctrlkit.NoRequeue() } -// SyncConnectorService implements RisingWaveControllerManagerImpl. -func (mgr *risingWaveControllerManagerImpl) SyncConnectorService(ctx context.Context, logger logr.Logger, connectorService *corev1.Service) (reconcile.Result, error) { - if !mgr.risingwaveManager.IsStandaloneModeEnabled() { - err := syncObject(mgr, ctx, connectorService, mgr.objectFactory.NewConnectorService, logger) - return ctrlkit.RequeueIfErrorAndWrap("unable to sync connector service", err) - } - if connectorService != nil { - err := mgr.client.Delete(ctx, connectorService, client.Preconditions{UID: &connectorService.UID}) - return ctrlkit.RequeueIfErrorAndWrap("unable to sync connector service", err) - } - return ctrlkit.NoRequeue() -} - // SyncComputeService implements RisingWaveControllerManagerImpl. func (mgr *risingWaveControllerManagerImpl) SyncComputeService(ctx context.Context, logger logr.Logger, computeService *corev1.Service) (reconcile.Result, error) { if !mgr.risingwaveManager.IsStandaloneModeEnabled() { diff --git a/pkg/manager/risingwave_scale_view_controller_manager_impl.go b/pkg/manager/risingwave_scale_view_controller_manager_impl.go index 046d6a6b..790ba16e 100644 --- a/pkg/manager/risingwave_scale_view_controller_manager_impl.go +++ b/pkg/manager/risingwave_scale_view_controller_manager_impl.go @@ -138,9 +138,6 @@ func readRunningReplicas(obj *risingwavev1alpha1.RisingWave, component, group st case consts.ComponentCompactor: g, _ := lo.Find(obj.Status.ComponentReplicas.Compactor.Groups, pred) return g.Running - case consts.ComponentConnector: - g, _ := lo.Find(obj.Status.ComponentReplicas.Connector.Groups, pred) - return g.Running case consts.ComponentCompute: g, _ := lo.Find(obj.Status.ComponentReplicas.Compute.Groups, pred) return g.Running diff --git a/pkg/object/risingwave_manager.go b/pkg/object/risingwave_manager.go index 2dc6419b..81afb39d 100644 --- a/pkg/object/risingwave_manager.go +++ b/pkg/object/risingwave_manager.go @@ -75,8 +75,6 @@ func (r *RisingWaveReader) GetNodeGroups(component string) []risingwavev1alpha1. return r.risingwave.Spec.Components.Compactor.NodeGroups case consts.ComponentFrontend: return r.risingwave.Spec.Components.Frontend.NodeGroups - case consts.ComponentConnector: - return r.risingwave.Spec.Components.Connector.NodeGroups case consts.ComponentCompute: return r.risingwave.Spec.Components.Compute.NodeGroups case consts.ComponentStandalone: @@ -204,11 +202,6 @@ func (r *RisingWaveReader) IsStandaloneModeEnabled() bool { return ptr.Deref(r.risingwave.Spec.EnableStandaloneMode, false) } -// IsEmbeddedConnectorEnabled returns true when the embedded connector is enabled. -func (r *RisingWaveReader) IsEmbeddedConnectorEnabled() bool { - return ptr.Deref(r.risingwave.Spec.EnableEmbeddedConnector, false) -} - // KeepLock resets the current scale views record in the status with the given array. func (mgr *RisingWaveManager) KeepLock(aliveScaleView []risingwavev1alpha1.RisingWaveScaleViewLock) { mgr.mu.Lock() diff --git a/pkg/scaleview/scale_view_helper.go b/pkg/scaleview/scale_view_helper.go index 3a48a883..997a8c2f 100644 --- a/pkg/scaleview/scale_view_helper.go +++ b/pkg/scaleview/scale_view_helper.go @@ -57,8 +57,6 @@ func (r *RisingWaveScaleViewHelper) findReplicaPtrGroup(group string) (*int32, i return r.findReplicaPtrFromNodeGroups(r.risingwave.Spec.Components.Frontend.NodeGroups, group) case consts.ComponentCompactor: return r.findReplicaPtrFromNodeGroups(r.risingwave.Spec.Components.Compactor.NodeGroups, group) - case consts.ComponentConnector: - return r.findReplicaPtrFromNodeGroups(r.risingwave.Spec.Components.Connector.NodeGroups, group) case consts.ComponentCompute: return r.findReplicaPtrFromNodeGroups(r.risingwave.Spec.Components.Compute.NodeGroups, group) case consts.ComponentStandalone: @@ -85,8 +83,6 @@ func (r *RisingWaveScaleViewHelper) ListComponentGroups() []string { nodeGroups = r.risingwave.Spec.Components.Compute.NodeGroups case consts.ComponentCompactor: nodeGroups = r.risingwave.Spec.Components.Compactor.NodeGroups - case consts.ComponentConnector: - nodeGroups = r.risingwave.Spec.Components.Connector.NodeGroups default: panic(fmt.Sprintf("unknown component %v", r.component)) } diff --git a/pkg/scaleview/scale_view_helper_test.go b/pkg/scaleview/scale_view_helper_test.go index 5ca0f13c..b76f56f3 100644 --- a/pkg/scaleview/scale_view_helper_test.go +++ b/pkg/scaleview/scale_view_helper_test.go @@ -27,7 +27,7 @@ import ( func TestRisingWaveScaleViewHelper_GetGroupIndex(t *testing.T) { for _, component := range []string{ - consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, consts.ComponentConnector, + consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, } { helper := NewRisingWaveScaleViewHelper(testutils.FakeRisingWave(), component) index, ok := helper.GetGroupIndex("") @@ -41,7 +41,7 @@ func TestRisingWaveScaleViewHelper_GetGroupIndex(t *testing.T) { func TestRisingWaveScaleViewHelper_ListComponentGroups(t *testing.T) { for _, component := range []string{ - consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, consts.ComponentConnector, + consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, } { helper := NewRisingWaveScaleViewHelper(testutils.FakeRisingWave(), component) groups := helper.ListComponentGroups() @@ -51,7 +51,7 @@ func TestRisingWaveScaleViewHelper_ListComponentGroups(t *testing.T) { func TestRisingWaveScaleViewHelper_ReadReplicas(t *testing.T) { for _, component := range []string{ - consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, consts.ComponentConnector, + consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, } { helper := NewRisingWaveScaleViewHelper(testutils.FakeRisingWave(), component) replicas, ok := helper.ReadReplicas(testutils.GetNodeGroupName(0)) @@ -65,7 +65,7 @@ func TestRisingWaveScaleViewHelper_ReadReplicas(t *testing.T) { func TestRisingWaveScaleViewHelper_WriteReplicas(t *testing.T) { for _, component := range []string{ - consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, consts.ComponentConnector, + consts.ComponentFrontend, consts.ComponentMeta, consts.ComponentCompactor, consts.ComponentCompute, } { helper := NewRisingWaveScaleViewHelper(testutils.FakeRisingWave(), component) diff --git a/pkg/testutils/testutils.go b/pkg/testutils/testutils.go index e77bc7bf..df76f560 100644 --- a/pkg/testutils/testutils.go +++ b/pkg/testutils/testutils.go @@ -180,29 +180,6 @@ var fakeRisingWave = &risingwavev1alpha1.RisingWave{ }, }, }, - Connector: risingwavev1alpha1.RisingWaveComponent{ - NodeGroups: []risingwavev1alpha1.RisingWaveNodeGroup{ - { - Replicas: 1, - Template: risingwavev1alpha1.RisingWaveNodePodTemplate{ - Spec: risingwavev1alpha1.RisingWaveNodePodTemplateSpec{ - RisingWaveNodeContainer: risingwavev1alpha1.RisingWaveNodeContainer{ - Resources: corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("1"), - corev1.ResourceMemory: resource.MustParse("1Gi"), - }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("100m"), - corev1.ResourceMemory: resource.MustParse("100Mi"), - }, - }, - }, - }, - }, - }, - }, - }, }, }, Status: risingwavev1alpha1.RisingWaveStatus{ @@ -265,17 +242,6 @@ var fakeRisingWave = &risingwavev1alpha1.RisingWave{ }, }, }, - Connector: risingwavev1alpha1.ComponentReplicasStatus{ - Target: 1, - Running: 1, - Groups: []risingwavev1alpha1.ComponentGroupReplicasStatus{ - { - Name: "", - Target: 1, - Running: 1, - }, - }, - }, }, }, } diff --git a/pkg/utils/sort_test.go b/pkg/utils/sort_test.go index 7f0f5536..02031a36 100644 --- a/pkg/utils/sort_test.go +++ b/pkg/utils/sort_test.go @@ -268,10 +268,6 @@ func Test_SortEnvVarSlice(t *testing.T) { Name: "RW_PROMETHEUS_HOST", Value: "0.0.0.0:1250", }, - { - Name: "RW_CONNECTOR_RPC_ENDPOINT", - Value: "sv-example-connector:50051", - }, { Name: "RW_BACKEND", Value: "mem", @@ -303,10 +299,6 @@ func Test_SortEnvVarSlice(t *testing.T) { Name: "RW_CONFIG_PATH", Value: "/risingwave/config/risingwave.toml", }, - { - Name: "RW_CONNECTOR_RPC_ENDPOINT", - Value: "sv-example-connector:50051", - }, { Name: "RW_DASHBOARD_HOST", Value: "0.0.0.0:5691", @@ -352,9 +344,6 @@ func Test_SortEnvVarSlice(t *testing.T) { { Name: "RW_CONFIG_PATH", }, - { - Name: "RW_CONNECTOR_RPC_ENDPOINT", - }, { Name: "RW_DASHBOARD_HOST", }, @@ -416,9 +405,6 @@ func Test_SortEnvVarSlice(t *testing.T) { { Name: "RW_CONFIG_PATH", }, - { - Name: "RW_CONNECTOR_RPC_ENDPOINT", - }, { Name: "RW_DASHBOARD_HOST", }, diff --git a/pkg/webhook/risingwave_validating_webhook.go b/pkg/webhook/risingwave_validating_webhook.go index 208bb732..e0b4fc35 100644 --- a/pkg/webhook/risingwave_validating_webhook.go +++ b/pkg/webhook/risingwave_validating_webhook.go @@ -55,13 +55,12 @@ func isImageValid(image string) bool { } var systemEnv = map[string]bool{ - envs.PodIP: true, - envs.PodName: true, - envs.PodNamespace: true, - envs.RustBacktrace: true, - envs.RWWorkerThreads: true, - envs.RWConnectorRPCEndPoint: true, - envs.JavaOpts: true, + envs.PodIP: true, + envs.PodName: true, + envs.PodNamespace: true, + envs.RustBacktrace: true, + envs.RWWorkerThreads: true, + envs.JavaOpts: true, } func (v *RisingWaveValidatingWebhook) isBypassed(obj client.Object) bool { @@ -256,11 +255,6 @@ func (v *RisingWaveValidatingWebhook) validateComponents(path *field.Path, compo fieldErrs = append(fieldErrs, v.validateNodeGroup(compactorGroupsPath.Index(i), &ng, openKruiseEnabled)...) } - connectorGroupsPath := path.Child("connector", "nodeGroups") - for i, ng := range components.Connector.NodeGroups { - fieldErrs = append(fieldErrs, v.validateNodeGroup(connectorGroupsPath.Index(i), &ng, openKruiseEnabled)...) - } - computeGroupsPath := path.Child("compute", "nodeGroups") for i, ng := range components.Compute.NodeGroups { fieldErrs = append(fieldErrs, v.validateNodeGroup(computeGroupsPath.Index(i), &ng, openKruiseEnabled)...) diff --git a/test/e2e/tests/risingwave/manifests/connector/connector-test.yaml b/test/e2e/tests/risingwave/manifests/connector/connector-test.yaml deleted file mode 100644 index cfdfa3c5..00000000 --- a/test/e2e/tests/risingwave/manifests/connector/connector-test.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: risingwave.risingwavelabs.com/v1alpha1 -kind: RisingWave -metadata: - name: ${E2E_RISINGWAVE_NAME} - namespace: ${E2E_NAMESPACE} -spec: - image: ${E2E_RISINGWAVE_IMAGE} - metaStore: - memory: true - stateStore: - memory: true - components: - meta: - nodeGroups: - - replicas: 1 - name: '' - compactor: - nodeGroups: - - replicas: 1 - name: '' - frontend: - nodeGroups: - - replicas: 1 - name: '' - compute: - nodeGroups: - - replicas: 1 - name: '' - connector: - nodeGroups: - - replicas: 1 - name: '' \ No newline at end of file diff --git a/test/e2e/tests/risingwave/tests.sh b/test/e2e/tests/risingwave/tests.sh index fbc148a3..bf2caebe 100644 --- a/test/e2e/tests/risingwave/tests.sh +++ b/test/e2e/tests/risingwave/tests.sh @@ -224,18 +224,6 @@ function test::run::risingwave::openkruise_integration() { fi } -function test::run::risingwave::connector_test() { - logging::info "Starting RisingWave..." - if ! test::risingwave::start connector/connector-test.yaml; then - return 1 - fi - logging::info "Started!" - - logging::info "Stopping RisingWave..." - test::risingwave::stop connector/connector-test.yaml - logging::info "Stopped!" -} - # Export the test case only when the required parameters exists. if [[ -v "E2E_AWS_ACCESS_KEY_ID" && -v "E2E_AWS_SECRET_ACCESS_KEY_ID" && -v "E2E_AWS_S3_REGION" && -v "E2E_AWS_S3_BUCKET" ]]; then function test::run::risingwave::storage_support::object_aws_s3() {